diff --git a/Makefile b/Makefile index e41c4ff7f..422a85307 100644 --- a/Makefile +++ b/Makefile @@ -904,7 +904,7 @@ all: haproxy $(EXTRA) endif OBJS = src/proto_http.o src/cfgparse.o src/cfgparse-global.o \ - src/server.o src/stream.o \ + src/cfgparse-listen.o src/server.o src/stream.o \ src/flt_spoe.o src/stick_table.o src/stats.o src/mux_h2.o \ src/checks.o src/haproxy.o src/log.o src/dns.o src/peers.o \ src/standard.o src/sample.o src/cli.o src/stream_interface.o \ diff --git a/include/common/cfgparse.h b/include/common/cfgparse.h index 2ffcea0b0..306972283 100644 --- a/include/common/cfgparse.h +++ b/include/common/cfgparse.h @@ -82,19 +82,12 @@ struct cfg_postparser { int (*func)(); }; -/* some of the most common options which are also the easiest to handle */ -struct cfg_opt { - const char *name; - unsigned int val; - unsigned int cap; - unsigned int checks; - unsigned int mode; -}; - extern int cfg_maxpconn; extern int cfg_maxconn; extern char *cfg_scope; extern struct cfg_kw_list cfg_keywords; +extern char *cursection; +extern struct proxy defproxy; int cfg_parse_global(const char *file, int linenum, char **args, int inv); int cfg_parse_listen(const char *file, int linenum, char **args, int inv); @@ -116,12 +109,14 @@ void cfg_restore_sections(struct list *backup_sections); int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg); int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg); int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg); +int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line); int too_many_args_idx(int maxarg, int index, char **args, char **msg, int *err_code); int too_many_args(int maxarg, char **args, char **msg, int *err_code); int alertif_too_many_args_idx(int maxarg, int index, const char *file, int linenum, char **args, int *err_code); int alertif_too_many_args(int maxarg, const char *file, int linenum, char **args, int *err_code); int parse_process_number(const char *arg, unsigned long *proc, int *autoinc, char **err); unsigned long parse_cpu_set(const char **args, unsigned long *cpu_set, char **err); +void free_email_alert(struct proxy *p); /* * Sends a warning if proxy does not have at least one of the diff --git a/include/proto/proxy.h b/include/proto/proxy.h index 8965ec37f..782372efc 100644 --- a/include/proto/proxy.h +++ b/include/proto/proxy.h @@ -36,6 +36,9 @@ extern struct eb_root used_proxy_id; /* list of proxy IDs in use */ extern unsigned int error_snapshot_id; /* global ID assigned to each error then incremented */ extern struct eb_root proxy_by_name; /* tree of proxies sorted by name */ +extern const struct cfg_opt cfg_opts[]; +extern const struct cfg_opt cfg_opts2[]; + int start_proxies(int verbose); struct task *manage_proxy(struct task *t, void *context, unsigned short state); void soft_stop(void); diff --git a/include/types/proxy.h b/include/types/proxy.h index 8e181fada..357e0c1f8 100644 --- a/include/types/proxy.h +++ b/include/types/proxy.h @@ -516,6 +516,15 @@ struct redirect_rule { char *cookie_str; }; +/* some of the most common options which are also the easiest to handle */ +struct cfg_opt { + const char *name; + unsigned int val; + unsigned int cap; + unsigned int checks; + unsigned int mode; +}; + #endif /* _TYPES_PROXY_H */ /* diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c new file mode 100644 index 000000000..aa082be75 --- /dev/null +++ b/src/cfgparse-listen.c @@ -0,0 +1,4315 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +/* Report a warning if a rule is placed after a 'tcp-request session' rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +int warnif_rule_after_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg) +{ + if (!LIST_ISEMPTY(&proxy->tcp_req.l5_rules)) { + ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request session' rule will still be processed before.\n", + file, line, arg); + return 1; + } + return 0; +} + +/* Report a warning if a rule is placed after a 'tcp-request content' rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +int warnif_rule_after_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg) +{ + if (!LIST_ISEMPTY(&proxy->tcp_req.inspect_rules)) { + ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request content' rule will still be processed before.\n", + file, line, arg); + return 1; + } + return 0; +} + +/* Report a warning if a rule is placed after a 'monitor fail' rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +int warnif_rule_after_monitor(struct proxy *proxy, const char *file, int line, const char *arg) +{ + if (!LIST_ISEMPTY(&proxy->mon_fail_cond)) { + ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'monitor fail' rule will still be processed before.\n", + file, line, arg); + return 1; + } + return 0; +} + +/* Report a warning if a rule is placed after a 'block' rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +int warnif_rule_after_block(struct proxy *proxy, const char *file, int line, const char *arg) +{ + if (!LIST_ISEMPTY(&proxy->block_rules)) { + ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'block' rule will still be processed before.\n", + file, line, arg); + return 1; + } + return 0; +} + +/* Report a warning if a rule is placed after an 'http_request' rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +int warnif_rule_after_http_req(struct proxy *proxy, const char *file, int line, const char *arg) +{ + if (!LIST_ISEMPTY(&proxy->http_req_rules)) { + ha_warning("parsing [%s:%d] : a '%s' rule placed after an 'http-request' rule will still be processed before.\n", + file, line, arg); + return 1; + } + return 0; +} + +/* Report a warning if a rule is placed after a reqrewrite rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +int warnif_rule_after_reqxxx(struct proxy *proxy, const char *file, int line, const char *arg) +{ + if (proxy->req_exp) { + ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'reqxxx' rule will still be processed before.\n", + file, line, arg); + return 1; + } + return 0; +} + +/* Report a warning if a rule is placed after a reqadd rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +int warnif_rule_after_reqadd(struct proxy *proxy, const char *file, int line, const char *arg) +{ + if (!LIST_ISEMPTY(&proxy->req_add)) { + ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'reqadd' rule will still be processed before.\n", + file, line, arg); + return 1; + } + return 0; +} + +/* Report a warning if a rule is placed after a redirect rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +int warnif_rule_after_redirect(struct proxy *proxy, const char *file, int line, const char *arg) +{ + if (!LIST_ISEMPTY(&proxy->redirect_rules)) { + ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'redirect' rule will still be processed before.\n", + file, line, arg); + return 1; + } + return 0; +} + +/* Report a warning if a rule is placed after a 'use_backend' rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +int warnif_rule_after_use_backend(struct proxy *proxy, const char *file, int line, const char *arg) +{ + if (!LIST_ISEMPTY(&proxy->switching_rules)) { + ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'use_backend' rule will still be processed before.\n", + file, line, arg); + return 1; + } + return 0; +} + +/* Report a warning if a rule is placed after a 'use-server' rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +int warnif_rule_after_use_server(struct proxy *proxy, const char *file, int line, const char *arg) +{ + if (!LIST_ISEMPTY(&proxy->server_rules)) { + ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'use-server' rule will still be processed before.\n", + file, line, arg); + return 1; + } + return 0; +} + +/* report a warning if a redirect rule is dangerously placed */ +int warnif_misplaced_redirect(struct proxy *proxy, const char *file, int line, const char *arg) +{ + return warnif_rule_after_use_backend(proxy, file, line, arg) || + warnif_rule_after_use_server(proxy, file, line, arg); +} + +/* report a warning if a reqadd rule is dangerously placed */ +int warnif_misplaced_reqadd(struct proxy *proxy, const char *file, int line, const char *arg) +{ + return warnif_rule_after_redirect(proxy, file, line, arg) || + warnif_misplaced_redirect(proxy, file, line, arg); +} + +/* report a warning if a reqxxx rule is dangerously placed */ +int warnif_misplaced_reqxxx(struct proxy *proxy, const char *file, int line, const char *arg) +{ + return warnif_rule_after_reqadd(proxy, file, line, arg) || + warnif_misplaced_reqadd(proxy, file, line, arg); +} + +/* report a warning if an http-request rule is dangerously placed */ +int warnif_misplaced_http_req(struct proxy *proxy, const char *file, int line, const char *arg) +{ + return warnif_rule_after_reqxxx(proxy, file, line, arg) || + warnif_misplaced_reqxxx(proxy, file, line, arg);; +} + +/* report a warning if a block rule is dangerously placed */ +int warnif_misplaced_block(struct proxy *proxy, const char *file, int line, const char *arg) +{ + return warnif_rule_after_http_req(proxy, file, line, arg) || + warnif_misplaced_http_req(proxy, file, line, arg); +} + +/* report a warning if a block rule is dangerously placed */ +int warnif_misplaced_monitor(struct proxy *proxy, const char *file, int line, const char *arg) +{ + return warnif_rule_after_block(proxy, file, line, arg) || + warnif_misplaced_block(proxy, file, line, arg); +} + +/* report a warning if a "tcp request content" rule is dangerously placed */ +int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg) +{ + return warnif_rule_after_monitor(proxy, file, line, arg) || + warnif_misplaced_monitor(proxy, file, line, arg); +} + +/* report a warning if a "tcp request session" rule is dangerously placed */ +int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg) +{ + return warnif_rule_after_tcp_cont(proxy, file, line, arg) || + warnif_misplaced_tcp_cont(proxy, file, line, arg); +} + +/* report a warning if a "tcp request connection" rule is dangerously placed */ +int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg) +{ + return warnif_rule_after_tcp_sess(proxy, file, line, arg) || + warnif_misplaced_tcp_sess(proxy, file, line, arg); +} + +/* This function createss a new req* or rsp* rule to the proxy. It compiles the + * regex and may return the ERR_WARN bit, and error bits such as ERR_ALERT and + * ERR_FATAL in case of error. + */ +static int create_cond_regex_rule(const char *file, int line, + struct proxy *px, int dir, int action, int flags, + const char *cmd, const char *reg, const char *repl, + const char **cond_start) +{ + struct my_regex *preg = NULL; + char *errmsg = NULL; + const char *err; + char *error; + int ret_code = 0; + struct acl_cond *cond = NULL; + int cs; + int cap; + + if (px == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, line, cmd); + ret_code |= ERR_ALERT | ERR_FATAL; + goto err; + } + + if (*reg == 0) { + ha_alert("parsing [%s:%d] : '%s' expects as an argument.\n", file, line, cmd); + ret_code |= ERR_ALERT | ERR_FATAL; + goto err; + } + + if (warnifnotcap(px, PR_CAP_FE | PR_CAP_BE, file, line, cmd, NULL)) + ret_code |= ERR_WARN; + + if (cond_start && + (strcmp(*cond_start, "if") == 0 || strcmp(*cond_start, "unless") == 0)) { + if ((cond = build_acl_cond(file, line, &px->acl, px, cond_start, &errmsg)) == NULL) { + ha_alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n", + file, line, cmd, errmsg); + ret_code |= ERR_ALERT | ERR_FATAL; + goto err; + } + } + else if (cond_start && **cond_start) { + ha_alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n", + file, line, cmd, *cond_start); + ret_code |= ERR_ALERT | ERR_FATAL; + goto err; + } + + ret_code |= warnif_cond_conflicts(cond, + (dir == SMP_OPT_DIR_REQ) ? + ((px->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR) : + ((px->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR), + file, line); + + preg = calloc(1, sizeof(*preg)); + if (!preg) { + ha_alert("parsing [%s:%d] : '%s' : not enough memory to build regex.\n", file, line, cmd); + ret_code = ERR_ALERT | ERR_FATAL; + goto err; + } + + cs = !(flags & REG_ICASE); + cap = !(flags & REG_NOSUB); + error = NULL; + if (!regex_comp(reg, preg, cs, cap, &error)) { + ha_alert("parsing [%s:%d] : '%s' : regular expression '%s' : %s\n", file, line, cmd, reg, error); + free(error); + ret_code = ERR_ALERT | ERR_FATAL; + goto err; + } + + err = chain_regex((dir == SMP_OPT_DIR_REQ) ? &px->req_exp : &px->rsp_exp, + preg, action, repl ? strdup(repl) : NULL, cond); + if (repl && err) { + ha_alert("parsing [%s:%d] : '%s' : invalid character or unterminated sequence in replacement string near '%c'.\n", + file, line, cmd, *err); + ret_code |= ERR_ALERT | ERR_FATAL; + goto err_free; + } + + if (dir == SMP_OPT_DIR_REQ && warnif_misplaced_reqxxx(px, file, line, cmd)) + ret_code |= ERR_WARN; + + return ret_code; + + err_free: + regex_free(preg); + err: + free(preg); + free(errmsg); + return ret_code; +} + +int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) +{ + static struct proxy *curproxy = NULL; + const char *err; + char *error; + int rc; + unsigned val; + int err_code = 0; + struct acl_cond *cond = NULL; + struct logsrv *tmplogsrv; + char *errmsg = NULL; + struct bind_conf *bind_conf; + + if (!strcmp(args[0], "listen")) + rc = PR_CAP_LISTEN; + else if (!strcmp(args[0], "frontend")) + rc = PR_CAP_FE; + else if (!strcmp(args[0], "backend")) + rc = PR_CAP_BE; + else + rc = PR_CAP_NONE; + + if (rc != PR_CAP_NONE) { /* new proxy */ + if (!*args[1]) { + ha_alert("parsing [%s:%d] : '%s' expects an argument and\n" + " optionally supports [addr1]:port1[-end1]{,[addr]:port[-end]}...\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + + err = invalid_char(args[1]); + if (err) { + ha_alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n", + file, linenum, *err, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + } + + curproxy = (rc & PR_CAP_FE) ? proxy_fe_by_name(args[1]) : proxy_be_by_name(args[1]); + if (curproxy) { + ha_alert("Parsing [%s:%d]: %s '%s' has the same name as %s '%s' declared at %s:%d.\n", + file, linenum, proxy_cap_str(rc), args[1], proxy_type_str(curproxy), + curproxy->id, curproxy->conf.file, curproxy->conf.line); + err_code |= ERR_ALERT | ERR_FATAL; + } + + if ((curproxy = calloc(1, sizeof(*curproxy))) == NULL) { + ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + + init_new_proxy(curproxy); + curproxy->next = proxies_list; + proxies_list = curproxy; + curproxy->conf.args.file = curproxy->conf.file = strdup(file); + curproxy->conf.args.line = curproxy->conf.line = linenum; + curproxy->last_change = now.tv_sec; + curproxy->id = strdup(args[1]); + curproxy->cap = rc; + proxy_store_name(curproxy); + + if (alertif_too_many_args(1, file, linenum, args, &err_code)) { + if (curproxy->cap & PR_CAP_FE) + ha_alert("parsing [%s:%d] : please use the 'bind' keyword for listening addresses.\n", file, linenum); + goto out; + } + + /* set default values */ + memcpy(&curproxy->defsrv, &defproxy.defsrv, sizeof(curproxy->defsrv)); + curproxy->defsrv.id = "default-server"; + + curproxy->state = defproxy.state; + curproxy->options = defproxy.options; + curproxy->options2 = defproxy.options2; + curproxy->no_options = defproxy.no_options; + curproxy->no_options2 = defproxy.no_options2; + curproxy->bind_proc = defproxy.bind_proc; + curproxy->except_net = defproxy.except_net; + curproxy->except_mask = defproxy.except_mask; + curproxy->except_to = defproxy.except_to; + curproxy->except_mask_to = defproxy.except_mask_to; + + if (defproxy.fwdfor_hdr_len) { + curproxy->fwdfor_hdr_len = defproxy.fwdfor_hdr_len; + curproxy->fwdfor_hdr_name = strdup(defproxy.fwdfor_hdr_name); + } + + if (defproxy.orgto_hdr_len) { + curproxy->orgto_hdr_len = defproxy.orgto_hdr_len; + curproxy->orgto_hdr_name = strdup(defproxy.orgto_hdr_name); + } + + if (defproxy.server_id_hdr_len) { + curproxy->server_id_hdr_len = defproxy.server_id_hdr_len; + curproxy->server_id_hdr_name = strdup(defproxy.server_id_hdr_name); + } + + /* initialize error relocations */ + for (rc = 0; rc < HTTP_ERR_SIZE; rc++) + chunk_dup(&curproxy->errmsg[rc], &defproxy.errmsg[rc]); + + if (curproxy->cap & PR_CAP_FE) { + curproxy->maxconn = defproxy.maxconn; + curproxy->backlog = defproxy.backlog; + curproxy->fe_sps_lim = defproxy.fe_sps_lim; + + curproxy->to_log = defproxy.to_log & ~LW_COOKIE & ~LW_REQHDR & ~ LW_RSPHDR; + } + + if (curproxy->cap & PR_CAP_BE) { + curproxy->lbprm.algo = defproxy.lbprm.algo; + curproxy->lbprm.chash.balance_factor = defproxy.lbprm.chash.balance_factor; + curproxy->fullconn = defproxy.fullconn; + curproxy->conn_retries = defproxy.conn_retries; + curproxy->redispatch_after = defproxy.redispatch_after; + curproxy->max_ka_queue = defproxy.max_ka_queue; + + if (defproxy.check_req) { + curproxy->check_req = calloc(1, defproxy.check_len); + memcpy(curproxy->check_req, defproxy.check_req, defproxy.check_len); + } + curproxy->check_len = defproxy.check_len; + + if (defproxy.expect_str) { + curproxy->expect_str = strdup(defproxy.expect_str); + if (defproxy.expect_regex) { + /* note: this regex is known to be valid */ + curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex)); + regex_comp(defproxy.expect_str, curproxy->expect_regex, 1, 1, NULL); + } + } + + curproxy->ck_opts = defproxy.ck_opts; + if (defproxy.cookie_name) + curproxy->cookie_name = strdup(defproxy.cookie_name); + curproxy->cookie_len = defproxy.cookie_len; + + if (defproxy.dyncookie_key) + curproxy->dyncookie_key = strdup(defproxy.dyncookie_key); + if (defproxy.cookie_domain) + curproxy->cookie_domain = strdup(defproxy.cookie_domain); + + if (defproxy.cookie_maxidle) + curproxy->cookie_maxidle = defproxy.cookie_maxidle; + + if (defproxy.cookie_maxlife) + curproxy->cookie_maxlife = defproxy.cookie_maxlife; + + if (defproxy.rdp_cookie_name) + curproxy->rdp_cookie_name = strdup(defproxy.rdp_cookie_name); + curproxy->rdp_cookie_len = defproxy.rdp_cookie_len; + + if (defproxy.url_param_name) + curproxy->url_param_name = strdup(defproxy.url_param_name); + curproxy->url_param_len = defproxy.url_param_len; + + if (defproxy.hh_name) + curproxy->hh_name = strdup(defproxy.hh_name); + curproxy->hh_len = defproxy.hh_len; + curproxy->hh_match_domain = defproxy.hh_match_domain; + + if (defproxy.conn_src.iface_name) + curproxy->conn_src.iface_name = strdup(defproxy.conn_src.iface_name); + curproxy->conn_src.iface_len = defproxy.conn_src.iface_len; + curproxy->conn_src.opts = defproxy.conn_src.opts; +#if defined(CONFIG_HAP_TRANSPARENT) + curproxy->conn_src.tproxy_addr = defproxy.conn_src.tproxy_addr; +#endif + curproxy->load_server_state_from_file = defproxy.load_server_state_from_file; + } + + if (curproxy->cap & PR_CAP_FE) { + if (defproxy.capture_name) + curproxy->capture_name = strdup(defproxy.capture_name); + curproxy->capture_namelen = defproxy.capture_namelen; + curproxy->capture_len = defproxy.capture_len; + } + + if (curproxy->cap & PR_CAP_FE) { + curproxy->timeout.client = defproxy.timeout.client; + curproxy->timeout.clientfin = defproxy.timeout.clientfin; + curproxy->timeout.tarpit = defproxy.timeout.tarpit; + curproxy->timeout.httpreq = defproxy.timeout.httpreq; + curproxy->timeout.httpka = defproxy.timeout.httpka; + curproxy->mon_net = defproxy.mon_net; + curproxy->mon_mask = defproxy.mon_mask; + if (defproxy.monitor_uri) + curproxy->monitor_uri = strdup(defproxy.monitor_uri); + curproxy->monitor_uri_len = defproxy.monitor_uri_len; + if (defproxy.defbe.name) + curproxy->defbe.name = strdup(defproxy.defbe.name); + + /* get either a pointer to the logformat string or a copy of it */ + curproxy->conf.logformat_string = defproxy.conf.logformat_string; + if (curproxy->conf.logformat_string && + curproxy->conf.logformat_string != default_http_log_format && + curproxy->conf.logformat_string != default_tcp_log_format && + curproxy->conf.logformat_string != clf_http_log_format) + curproxy->conf.logformat_string = strdup(curproxy->conf.logformat_string); + + if (defproxy.conf.lfs_file) { + curproxy->conf.lfs_file = strdup(defproxy.conf.lfs_file); + curproxy->conf.lfs_line = defproxy.conf.lfs_line; + } + + /* get either a pointer to the logformat string for RFC5424 structured-data or a copy of it */ + curproxy->conf.logformat_sd_string = defproxy.conf.logformat_sd_string; + if (curproxy->conf.logformat_sd_string && + curproxy->conf.logformat_sd_string != default_rfc5424_sd_log_format) + curproxy->conf.logformat_sd_string = strdup(curproxy->conf.logformat_sd_string); + + if (defproxy.conf.lfsd_file) { + curproxy->conf.lfsd_file = strdup(defproxy.conf.lfsd_file); + curproxy->conf.lfsd_line = defproxy.conf.lfsd_line; + } + } + + if (curproxy->cap & PR_CAP_BE) { + curproxy->timeout.connect = defproxy.timeout.connect; + curproxy->timeout.server = defproxy.timeout.server; + curproxy->timeout.serverfin = defproxy.timeout.serverfin; + curproxy->timeout.check = defproxy.timeout.check; + curproxy->timeout.queue = defproxy.timeout.queue; + curproxy->timeout.tarpit = defproxy.timeout.tarpit; + curproxy->timeout.httpreq = defproxy.timeout.httpreq; + curproxy->timeout.httpka = defproxy.timeout.httpka; + curproxy->timeout.tunnel = defproxy.timeout.tunnel; + curproxy->conn_src.source_addr = defproxy.conn_src.source_addr; + } + + curproxy->mode = defproxy.mode; + curproxy->uri_auth = defproxy.uri_auth; /* for stats */ + + /* copy default logsrvs to curproxy */ + list_for_each_entry(tmplogsrv, &defproxy.logsrvs, list) { + struct logsrv *node = malloc(sizeof(*node)); + memcpy(node, tmplogsrv, sizeof(struct logsrv)); + node->ref = tmplogsrv->ref; + LIST_INIT(&node->list); + LIST_ADDQ(&curproxy->logsrvs, &node->list); + } + + curproxy->conf.uniqueid_format_string = defproxy.conf.uniqueid_format_string; + if (curproxy->conf.uniqueid_format_string) + curproxy->conf.uniqueid_format_string = strdup(curproxy->conf.uniqueid_format_string); + + chunk_dup(&curproxy->log_tag, &defproxy.log_tag); + + if (defproxy.conf.uif_file) { + curproxy->conf.uif_file = strdup(defproxy.conf.uif_file); + curproxy->conf.uif_line = defproxy.conf.uif_line; + } + + /* copy default header unique id */ + if (defproxy.header_unique_id) + curproxy->header_unique_id = strdup(defproxy.header_unique_id); + + /* default compression options */ + if (defproxy.comp != NULL) { + curproxy->comp = calloc(1, sizeof(struct comp)); + curproxy->comp->algos = defproxy.comp->algos; + curproxy->comp->types = defproxy.comp->types; + } + + curproxy->grace = defproxy.grace; + curproxy->conf.used_listener_id = EB_ROOT; + curproxy->conf.used_server_id = EB_ROOT; + + if (defproxy.check_path) + curproxy->check_path = strdup(defproxy.check_path); + if (defproxy.check_command) + curproxy->check_command = strdup(defproxy.check_command); + + if (defproxy.email_alert.mailers.name) + curproxy->email_alert.mailers.name = strdup(defproxy.email_alert.mailers.name); + if (defproxy.email_alert.from) + curproxy->email_alert.from = strdup(defproxy.email_alert.from); + if (defproxy.email_alert.to) + curproxy->email_alert.to = strdup(defproxy.email_alert.to); + if (defproxy.email_alert.myhostname) + curproxy->email_alert.myhostname = strdup(defproxy.email_alert.myhostname); + curproxy->email_alert.level = defproxy.email_alert.level; + curproxy->email_alert.set = defproxy.email_alert.set; + + goto out; + } + else if (!strcmp(args[0], "defaults")) { /* use this one to assign default values */ + /* some variables may have already been initialized earlier */ + /* FIXME-20070101: we should do this too at the end of the + * config parsing to free all default values. + */ + if (alertif_too_many_args(1, file, linenum, args, &err_code)) { + err_code |= ERR_ABORT; + goto out; + } + + free(defproxy.check_req); + free(defproxy.check_command); + free(defproxy.check_path); + free(defproxy.cookie_name); + free(defproxy.rdp_cookie_name); + free(defproxy.dyncookie_key); + free(defproxy.cookie_domain); + free(defproxy.url_param_name); + free(defproxy.hh_name); + free(defproxy.capture_name); + free(defproxy.monitor_uri); + free(defproxy.defbe.name); + free(defproxy.conn_src.iface_name); + free(defproxy.fwdfor_hdr_name); + defproxy.fwdfor_hdr_len = 0; + free(defproxy.orgto_hdr_name); + defproxy.orgto_hdr_len = 0; + free(defproxy.server_id_hdr_name); + defproxy.server_id_hdr_len = 0; + free(defproxy.expect_str); + if (defproxy.expect_regex) { + regex_free(defproxy.expect_regex); + free(defproxy.expect_regex); + defproxy.expect_regex = NULL; + } + + if (defproxy.conf.logformat_string != default_http_log_format && + defproxy.conf.logformat_string != default_tcp_log_format && + defproxy.conf.logformat_string != clf_http_log_format) + free(defproxy.conf.logformat_string); + + free(defproxy.conf.uniqueid_format_string); + free(defproxy.conf.lfs_file); + free(defproxy.conf.uif_file); + chunk_destroy(&defproxy.log_tag); + free_email_alert(&defproxy); + + if (defproxy.conf.logformat_sd_string != default_rfc5424_sd_log_format) + free(defproxy.conf.logformat_sd_string); + free(defproxy.conf.lfsd_file); + + for (rc = 0; rc < HTTP_ERR_SIZE; rc++) + chunk_destroy(&defproxy.errmsg[rc]); + + /* we cannot free uri_auth because it might already be used */ + init_default_instance(); + curproxy = &defproxy; + curproxy->conf.args.file = curproxy->conf.file = strdup(file); + curproxy->conf.args.line = curproxy->conf.line = linenum; + defproxy.cap = PR_CAP_LISTEN; /* all caps for now */ + goto out; + } + else if (curproxy == NULL) { + ha_alert("parsing [%s:%d] : 'listen' or 'defaults' expected.\n", file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + /* update the current file and line being parsed */ + curproxy->conf.args.file = curproxy->conf.file; + curproxy->conf.args.line = linenum; + + /* Now let's parse the proxy-specific keywords */ + if (!strcmp(args[0], "server") || + !strcmp(args[0], "default-server") || + !strcmp(args[0], "server-template")) { + err_code |= parse_server(file, linenum, args, curproxy, &defproxy); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "bind")) { /* new listen addresses */ + struct listener *l; + int cur_arg; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (!*(args[1])) { + ha_alert("parsing [%s:%d] : '%s' expects {|[addr1]:port1[-end1]}{,[addr]:port[-end]}... as arguments.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + bind_conf = bind_conf_alloc(curproxy, file, linenum, args[1], xprt_get(XPRT_RAW)); + + /* use default settings for unix sockets */ + bind_conf->ux.uid = global.unix_bind.ux.uid; + bind_conf->ux.gid = global.unix_bind.ux.gid; + bind_conf->ux.mode = global.unix_bind.ux.mode; + + /* NOTE: the following line might create several listeners if there + * are comma-separated IPs or port ranges. So all further processing + * will have to be applied to all listeners created after last_listen. + */ + if (!str2listener(args[1], curproxy, bind_conf, file, linenum, &errmsg)) { + if (errmsg && *errmsg) { + indent_msg(&errmsg, 2); + ha_alert("parsing [%s:%d] : '%s' : %s\n", file, linenum, args[0], errmsg); + } + else + ha_alert("parsing [%s:%d] : '%s' : error encountered while parsing listening address '%s'.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + list_for_each_entry(l, &bind_conf->listeners, by_bind) { + /* Set default global rights and owner for unix bind */ + global.maxsock++; + } + + cur_arg = 2; + while (*(args[cur_arg])) { + static int bind_dumped; + struct bind_kw *kw; + char *err; + + kw = bind_find_kw(args[cur_arg]); + if (kw) { + char *err = NULL; + int code; + + if (!kw->parse) { + ha_alert("parsing [%s:%d] : '%s %s' : '%s' option is not implemented in this version (check build options).\n", + file, linenum, args[0], args[1], args[cur_arg]); + cur_arg += 1 + kw->skip ; + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + code = kw->parse(args, cur_arg, curproxy, bind_conf, &err); + err_code |= code; + + if (code) { + if (err && *err) { + indent_msg(&err, 2); + ha_alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], err); + } + else + ha_alert("parsing [%s:%d] : '%s %s' : error encountered while processing '%s'.\n", + file, linenum, args[0], args[1], args[cur_arg]); + if (code & ERR_FATAL) { + free(err); + cur_arg += 1 + kw->skip; + goto out; + } + } + free(err); + cur_arg += 1 + kw->skip; + continue; + } + + err = NULL; + if (!bind_dumped) { + bind_dump_kws(&err); + indent_msg(&err, 4); + bind_dumped = 1; + } + + ha_alert("parsing [%s:%d] : '%s %s' unknown keyword '%s'.%s%s\n", + file, linenum, args[0], args[1], args[cur_arg], + err ? " Registered keywords :" : "", err ? err : ""); + free(err); + + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + goto out; + } + else if (!strcmp(args[0], "monitor-net")) { /* set the range of IPs to ignore */ + if (!*args[1] || !str2net(args[1], 1, &curproxy->mon_net, &curproxy->mon_mask)) { + ha_alert("parsing [%s:%d] : '%s' expects address[/mask].\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + /* flush useless bits */ + curproxy->mon_net.s_addr &= curproxy->mon_mask.s_addr; + goto out; + } + else if (!strcmp(args[0], "monitor-uri")) { /* set the URI to intercept */ + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (alertif_too_many_args(1, file, linenum, args, &err_code)) + goto out; + + if (!*args[1]) { + ha_alert("parsing [%s:%d] : '%s' expects an URI.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + free(curproxy->monitor_uri); + curproxy->monitor_uri_len = strlen(args[1]); + curproxy->monitor_uri = calloc(1, curproxy->monitor_uri_len + 1); + memcpy(curproxy->monitor_uri, args[1], curproxy->monitor_uri_len); + curproxy->monitor_uri[curproxy->monitor_uri_len] = '\0'; + + goto out; + } + else if (!strcmp(args[0], "mode")) { /* sets the proxy mode */ + if (alertif_too_many_args(1, file, linenum, args, &err_code)) + goto out; + + if (!strcmp(args[1], "http")) curproxy->mode = PR_MODE_HTTP; + else if (!strcmp(args[1], "tcp")) curproxy->mode = PR_MODE_TCP; + else if (!strcmp(args[1], "health")) curproxy->mode = PR_MODE_HEALTH; + else { + ha_alert("parsing [%s:%d] : unknown proxy mode '%s'.\n", file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "id")) { + struct eb32_node *node; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (alertif_too_many_args(1, file, linenum, args, &err_code)) + goto out; + + if (!*args[1]) { + ha_alert("parsing [%s:%d]: '%s' expects an integer argument.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + curproxy->uuid = atol(args[1]); + curproxy->conf.id.key = curproxy->uuid; + curproxy->options |= PR_O_FORCED_ID; + + if (curproxy->uuid <= 0) { + ha_alert("parsing [%s:%d]: custom id has to be > 0.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + node = eb32_lookup(&used_proxy_id, curproxy->uuid); + if (node) { + struct proxy *target = container_of(node, struct proxy, conf.id); + ha_alert("parsing [%s:%d]: %s %s reuses same custom id as %s %s (declared at %s:%d).\n", + file, linenum, proxy_type_str(curproxy), curproxy->id, + proxy_type_str(target), target->id, target->conf.file, target->conf.line); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + eb32_insert(&used_proxy_id, &curproxy->conf.id); + } + else if (!strcmp(args[0], "description")) { + int i, len=0; + char *d; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!*args[1]) { + ha_alert("parsing [%s:%d]: '%s' expects a string argument.\n", + file, linenum, args[0]); + return -1; + } + + for (i = 1; *args[i]; i++) + len += strlen(args[i]) + 1; + + d = calloc(1, len); + curproxy->desc = d; + + d += snprintf(d, curproxy->desc + len - d, "%s", args[1]); + for (i = 2; *args[i]; i++) + d += snprintf(d, curproxy->desc + len - d, " %s", args[i]); + + } + else if (!strcmp(args[0], "disabled")) { /* disables this proxy */ + if (alertif_too_many_args(0, file, linenum, args, &err_code)) + goto out; + curproxy->state = PR_STSTOPPED; + } + else if (!strcmp(args[0], "enabled")) { /* enables this proxy (used to revert a disabled default) */ + if (alertif_too_many_args(0, file, linenum, args, &err_code)) + goto out; + curproxy->state = PR_STNEW; + } + else if (!strcmp(args[0], "bind-process")) { /* enable this proxy only on some processes */ + int cur_arg = 1; + unsigned long set = 0; + + while (*args[cur_arg]) { + if (strcmp(args[cur_arg], "all") == 0) { + set = 0; + break; + } + if (parse_process_number(args[cur_arg], &set, NULL, &errmsg)) { + ha_alert("parsing [%s:%d] : %s : %s\n", file, linenum, args[0], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + cur_arg++; + } + curproxy->bind_proc = set; + } + else if (!strcmp(args[0], "acl")) { /* add an ACL */ + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + err = invalid_char(args[1]); + if (err) { + ha_alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n", + file, linenum, *err, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (parse_acl((const char **)args + 1, &curproxy->acl, &errmsg, &curproxy->conf.args, file, linenum) == NULL) { + ha_alert("parsing [%s:%d] : error detected while parsing ACL '%s' : %s.\n", + file, linenum, args[1], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "dynamic-cookie-key")) { /* Dynamic cookies secret key */ + + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects as argument.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->dyncookie_key); + curproxy->dyncookie_key = strdup(args[1]); + } + else if (!strcmp(args[0], "cookie")) { /* cookie name */ + int cur_arg; + + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects as argument.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + curproxy->ck_opts = 0; + curproxy->cookie_maxidle = curproxy->cookie_maxlife = 0; + free(curproxy->cookie_domain); curproxy->cookie_domain = NULL; + free(curproxy->cookie_name); + curproxy->cookie_name = strdup(args[1]); + curproxy->cookie_len = strlen(curproxy->cookie_name); + + cur_arg = 2; + while (*(args[cur_arg])) { + if (!strcmp(args[cur_arg], "rewrite")) { + curproxy->ck_opts |= PR_CK_RW; + } + else if (!strcmp(args[cur_arg], "indirect")) { + curproxy->ck_opts |= PR_CK_IND; + } + else if (!strcmp(args[cur_arg], "insert")) { + curproxy->ck_opts |= PR_CK_INS; + } + else if (!strcmp(args[cur_arg], "nocache")) { + curproxy->ck_opts |= PR_CK_NOC; + } + else if (!strcmp(args[cur_arg], "postonly")) { + curproxy->ck_opts |= PR_CK_POST; + } + else if (!strcmp(args[cur_arg], "preserve")) { + curproxy->ck_opts |= PR_CK_PSV; + } + else if (!strcmp(args[cur_arg], "prefix")) { + curproxy->ck_opts |= PR_CK_PFX; + } + else if (!strcmp(args[cur_arg], "httponly")) { + curproxy->ck_opts |= PR_CK_HTTPONLY; + } + else if (!strcmp(args[cur_arg], "secure")) { + curproxy->ck_opts |= PR_CK_SECURE; + } + else if (!strcmp(args[cur_arg], "domain")) { + if (!*args[cur_arg + 1]) { + ha_alert("parsing [%s:%d]: '%s' expects as argument.\n", + file, linenum, args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (*args[cur_arg + 1] != '.' || !strchr(args[cur_arg + 1] + 1, '.')) { + /* rfc2109, 4.3.2 Rejecting Cookies */ + ha_warning("parsing [%s:%d]: domain '%s' contains no embedded" + " dots nor does not start with a dot." + " RFC forbids it, this configuration may not work properly.\n", + file, linenum, args[cur_arg + 1]); + err_code |= ERR_WARN; + } + + err = invalid_domainchar(args[cur_arg + 1]); + if (err) { + ha_alert("parsing [%s:%d]: character '%c' is not permitted in domain name '%s'.\n", + file, linenum, *err, args[cur_arg + 1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!curproxy->cookie_domain) { + curproxy->cookie_domain = strdup(args[cur_arg + 1]); + } else { + /* one domain was already specified, add another one by + * building the string which will be returned along with + * the cookie. + */ + char *new_ptr; + int new_len = strlen(curproxy->cookie_domain) + + strlen("; domain=") + strlen(args[cur_arg + 1]) + 1; + new_ptr = malloc(new_len); + snprintf(new_ptr, new_len, "%s; domain=%s", curproxy->cookie_domain, args[cur_arg+1]); + free(curproxy->cookie_domain); + curproxy->cookie_domain = new_ptr; + } + cur_arg++; + } + else if (!strcmp(args[cur_arg], "maxidle")) { + unsigned int maxidle; + const char *res; + + if (!*args[cur_arg + 1]) { + ha_alert("parsing [%s:%d]: '%s' expects in seconds as argument.\n", + file, linenum, args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + res = parse_time_err(args[cur_arg + 1], &maxidle, TIME_UNIT_S); + if (res) { + ha_alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n", + file, linenum, *res, args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->cookie_maxidle = maxidle; + cur_arg++; + } + else if (!strcmp(args[cur_arg], "maxlife")) { + unsigned int maxlife; + const char *res; + + if (!*args[cur_arg + 1]) { + ha_alert("parsing [%s:%d]: '%s' expects in seconds as argument.\n", + file, linenum, args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + res = parse_time_err(args[cur_arg + 1], &maxlife, TIME_UNIT_S); + if (res) { + ha_alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n", + file, linenum, *res, args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->cookie_maxlife = maxlife; + cur_arg++; + } + else if (!strcmp(args[cur_arg], "dynamic")) { /* Dynamic persistent cookies secret key */ + + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[cur_arg], NULL)) + err_code |= ERR_WARN; + curproxy->ck_opts |= PR_CK_DYNAMIC; + } + + else { + ha_alert("parsing [%s:%d] : '%s' supports 'rewrite', 'insert', 'prefix', 'indirect', 'nocache', 'postonly', 'domain', 'maxidle', 'dynamic' and 'maxlife' options.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + cur_arg++; + } + if (!POWEROF2(curproxy->ck_opts & (PR_CK_RW|PR_CK_IND))) { + ha_alert("parsing [%s:%d] : cookie 'rewrite' and 'indirect' modes are incompatible.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + } + + if (!POWEROF2(curproxy->ck_opts & (PR_CK_RW|PR_CK_INS|PR_CK_PFX))) { + ha_alert("parsing [%s:%d] : cookie 'rewrite', 'insert' and 'prefix' modes are incompatible.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + } + + if ((curproxy->ck_opts & (PR_CK_PSV | PR_CK_INS | PR_CK_IND)) == PR_CK_PSV) { + ha_alert("parsing [%s:%d] : cookie 'preserve' requires at least 'insert' or 'indirect'.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + } + }/* end else if (!strcmp(args[0], "cookie")) */ + else if (!strcmp(args[0], "email-alert")) { + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!strcmp(args[1], "from")) { + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", + file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->email_alert.from); + curproxy->email_alert.from = strdup(args[2]); + } + else if (!strcmp(args[1], "mailers")) { + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", + file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->email_alert.mailers.name); + curproxy->email_alert.mailers.name = strdup(args[2]); + } + else if (!strcmp(args[1], "myhostname")) { + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", + file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->email_alert.myhostname); + curproxy->email_alert.myhostname = strdup(args[2]); + } + else if (!strcmp(args[1], "level")) { + curproxy->email_alert.level = get_log_level(args[2]); + if (curproxy->email_alert.level < 0) { + ha_alert("parsing [%s:%d] : unknown log level '%s' after '%s'\n", + file, linenum, args[1], args[2]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[1], "to")) { + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", + file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->email_alert.to); + curproxy->email_alert.to = strdup(args[2]); + } + else { + ha_alert("parsing [%s:%d] : email-alert: unknown argument '%s'.\n", + file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + /* Indicate that the email_alert is at least partially configured */ + curproxy->email_alert.set = 1; + }/* end else if (!strcmp(args[0], "email-alert")) */ + else if (!strcmp(args[0], "external-check")) { + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!strcmp(args[1], "command")) { + if (alertif_too_many_args(2, file, linenum, args, &err_code)) + goto out; + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", + file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->check_command); + curproxy->check_command = strdup(args[2]); + } + else if (!strcmp(args[1], "path")) { + if (alertif_too_many_args(2, file, linenum, args, &err_code)) + goto out; + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", + file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->check_path); + curproxy->check_path = strdup(args[2]); + } + else { + ha_alert("parsing [%s:%d] : external-check: unknown argument '%s'.\n", + file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + }/* end else if (!strcmp(args[0], "external-check")) */ + else if (!strcmp(args[0], "persist")) { /* persist */ + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : missing persist method.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!strncmp(args[1], "rdp-cookie", 10)) { + curproxy->options2 |= PR_O2_RDPC_PRST; + + if (*(args[1] + 10) == '(') { /* cookie name */ + const char *beg, *end; + + beg = args[1] + 11; + end = strchr(beg, ')'); + + if (alertif_too_many_args(1, file, linenum, args, &err_code)) + goto out; + + if (!end || end == beg) { + ha_alert("parsing [%s:%d] : persist rdp-cookie(name)' requires an rdp cookie name.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + free(curproxy->rdp_cookie_name); + curproxy->rdp_cookie_name = my_strndup(beg, end - beg); + curproxy->rdp_cookie_len = end-beg; + } + else if (*(args[1] + 10) == '\0') { /* default cookie name 'msts' */ + free(curproxy->rdp_cookie_name); + curproxy->rdp_cookie_name = strdup("msts"); + curproxy->rdp_cookie_len = strlen(curproxy->rdp_cookie_name); + } + else { /* syntax */ + ha_alert("parsing [%s:%d] : persist rdp-cookie(name)' requires an rdp cookie name.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else { + ha_alert("parsing [%s:%d] : unknown persist method.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "appsession")) { /* cookie name */ + ha_alert("parsing [%s:%d] : '%s' is not supported anymore, please check the documentation.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + else if (!strcmp(args[0], "load-server-state-from-file")) { + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + if (!strcmp(args[1], "global")) { /* use the file pointed to by global server-state-file directive */ + curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_GLOBAL; + } + else if (!strcmp(args[1], "local")) { /* use the server-state-file-name variable to locate the server-state file */ + curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_LOCAL; + } + else if (!strcmp(args[1], "none")) { /* don't use server-state-file directive for this backend */ + curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_NONE; + } + else { + ha_alert("parsing [%s:%d] : '%s' expects 'global', 'local' or 'none'. Got '%s'\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "server-state-file-name")) { + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects 'use-backend-name' or a string. Got no argument\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + else if (!strcmp(args[1], "use-backend-name")) + curproxy->server_state_file_name = strdup(curproxy->id); + else + curproxy->server_state_file_name = strdup(args[1]); + } + else if (!strcmp(args[0], "capture")) { + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (!strcmp(args[1], "cookie")) { /* name of a cookie to capture */ + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code)) + goto out; + + if (*(args[4]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects 'cookie' 'len' .\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->capture_name); + curproxy->capture_name = strdup(args[2]); + curproxy->capture_namelen = strlen(curproxy->capture_name); + curproxy->capture_len = atol(args[4]); + curproxy->to_log |= LW_COOKIE; + } + else if (!strcmp(args[1], "request") && !strcmp(args[2], "header")) { + struct cap_hdr *hdr; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code)) + goto out; + + if (*(args[3]) == 0 || strcmp(args[4], "len") != 0 || *(args[5]) == 0) { + ha_alert("parsing [%s:%d] : '%s %s' expects 'header' 'len' .\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + hdr = calloc(1, sizeof(*hdr)); + hdr->next = curproxy->req_cap; + hdr->name = strdup(args[3]); + hdr->namelen = strlen(args[3]); + hdr->len = atol(args[5]); + hdr->pool = create_pool("caphdr", hdr->len + 1, MEM_F_SHARED); + hdr->index = curproxy->nb_req_cap++; + curproxy->req_cap = hdr; + curproxy->to_log |= LW_REQHDR; + } + else if (!strcmp(args[1], "response") && !strcmp(args[2], "header")) { + struct cap_hdr *hdr; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code)) + goto out; + + if (*(args[3]) == 0 || strcmp(args[4], "len") != 0 || *(args[5]) == 0) { + ha_alert("parsing [%s:%d] : '%s %s' expects 'header' 'len' .\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + hdr = calloc(1, sizeof(*hdr)); + hdr->next = curproxy->rsp_cap; + hdr->name = strdup(args[3]); + hdr->namelen = strlen(args[3]); + hdr->len = atol(args[5]); + hdr->pool = create_pool("caphdr", hdr->len + 1, MEM_F_SHARED); + hdr->index = curproxy->nb_rsp_cap++; + curproxy->rsp_cap = hdr; + curproxy->to_log |= LW_RSPHDR; + } + else { + ha_alert("parsing [%s:%d] : '%s' expects 'cookie' or 'request header' or 'response header'.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "retries")) { /* connection retries */ + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (alertif_too_many_args(1, file, linenum, args, &err_code)) + goto out; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects an integer argument (dispatch counts for one).\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->conn_retries = atol(args[1]); + } + else if (!strcmp(args[0], "http-request")) { /* request access control: allow/deny/auth */ + struct act_rule *rule; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!LIST_ISEMPTY(&curproxy->http_req_rules) && + !LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->cond && + (LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_ACTION_ALLOW || + LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_ACTION_DENY || + LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_HTTP_REDIR || + LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_HTTP_REQ_AUTH)) { + ha_warning("parsing [%s:%d]: previous '%s' action is final and has no condition attached, further entries are NOOP.\n", + file, linenum, args[0]); + err_code |= ERR_WARN; + } + + rule = parse_http_req_cond((const char **)args + 1, file, linenum, curproxy); + + if (!rule) { + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + + err_code |= warnif_misplaced_http_req(curproxy, file, linenum, args[0]); + err_code |= warnif_cond_conflicts(rule->cond, + (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, + file, linenum); + + LIST_ADDQ(&curproxy->http_req_rules, &rule->list); + } + else if (!strcmp(args[0], "http-response")) { /* response access control */ + struct act_rule *rule; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!LIST_ISEMPTY(&curproxy->http_res_rules) && + !LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->cond && + (LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->action == ACT_ACTION_ALLOW || + LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->action == ACT_ACTION_DENY)) { + ha_warning("parsing [%s:%d]: previous '%s' action is final and has no condition attached, further entries are NOOP.\n", + file, linenum, args[0]); + err_code |= ERR_WARN; + } + + rule = parse_http_res_cond((const char **)args + 1, file, linenum, curproxy); + + if (!rule) { + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + + err_code |= warnif_cond_conflicts(rule->cond, + (curproxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR, + file, linenum); + + LIST_ADDQ(&curproxy->http_res_rules, &rule->list); + } + else if (!strcmp(args[0], "http-send-name-header")) { /* send server name in request header */ + /* set the header name and length into the proxy structure */ + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (!*args[1]) { + ha_alert("parsing [%s:%d] : '%s' requires a header string.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + /* set the desired header name */ + free(curproxy->server_id_hdr_name); + curproxy->server_id_hdr_name = strdup(args[1]); + curproxy->server_id_hdr_len = strlen(curproxy->server_id_hdr_name); + } + else if (!strcmp(args[0], "block")) { /* early blocking based on ACLs */ + struct act_rule *rule; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + /* emulate "block" using "http-request block". Since these rules are supposed to + * be processed before all http-request rules, we put them into their own list + * and will insert them at the end. + */ + rule = parse_http_req_cond((const char **)args, file, linenum, curproxy); + if (!rule) { + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + err_code |= warnif_misplaced_block(curproxy, file, linenum, args[0]); + err_code |= warnif_cond_conflicts(rule->cond, + (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, + file, linenum); + LIST_ADDQ(&curproxy->block_rules, &rule->list); + + if (!already_warned(WARN_BLOCK_DEPRECATED)) + ha_warning("parsing [%s:%d] : The '%s' directive is now deprecated in favor of 'http-request deny' which uses the exact same syntax. The rules are translated but support might disappear in a future version.\n", file, linenum, args[0]); + + } + else if (!strcmp(args[0], "redirect")) { + struct redirect_rule *rule; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if ((rule = http_parse_redirect_rule(file, linenum, curproxy, (const char **)args + 1, &errmsg, 0, 0)) == NULL) { + ha_alert("parsing [%s:%d] : error detected in %s '%s' while parsing redirect rule : %s.\n", + file, linenum, proxy_type_str(curproxy), curproxy->id, errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + LIST_ADDQ(&curproxy->redirect_rules, &rule->list); + err_code |= warnif_misplaced_redirect(curproxy, file, linenum, args[0]); + err_code |= warnif_cond_conflicts(rule->cond, + (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, + file, linenum); + } + else if (!strcmp(args[0], "use_backend")) { + struct switching_rule *rule; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects a backend name.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0) { + if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 2, &errmsg)) == NULL) { + ha_alert("parsing [%s:%d] : error detected while parsing switching rule : %s.\n", + file, linenum, errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + err_code |= warnif_cond_conflicts(cond, SMP_VAL_FE_SET_BCK, file, linenum); + } + else if (*args[2]) { + ha_alert("parsing [%s:%d] : unexpected keyword '%s' after switching rule, only 'if' and 'unless' are allowed.\n", + file, linenum, args[2]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + rule = calloc(1, sizeof(*rule)); + if (!rule) { + ha_alert("Out of memory error.\n"); + goto out; + } + rule->cond = cond; + rule->be.name = strdup(args[1]); + rule->line = linenum; + rule->file = strdup(file); + if (!rule->file) { + ha_alert("Out of memory error.\n"); + goto out; + } + LIST_INIT(&rule->list); + LIST_ADDQ(&curproxy->switching_rules, &rule->list); + } + else if (strcmp(args[0], "use-server") == 0) { + struct server_rule *rule; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects a server name.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) { + ha_alert("parsing [%s:%d] : '%s' requires either 'if' or 'unless' followed by a condition.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 2, &errmsg)) == NULL) { + ha_alert("parsing [%s:%d] : error detected while parsing switching rule : %s.\n", + file, linenum, errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_SET_SRV, file, linenum); + + rule = calloc(1, sizeof(*rule)); + rule->cond = cond; + rule->srv.name = strdup(args[1]); + LIST_INIT(&rule->list); + LIST_ADDQ(&curproxy->server_rules, &rule->list); + curproxy->be_req_ana |= AN_REQ_SRV_RULES; + } + else if ((!strcmp(args[0], "force-persist")) || + (!strcmp(args[0], "ignore-persist"))) { + struct persist_rule *rule; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (strcmp(args[1], "if") != 0 && strcmp(args[1], "unless") != 0) { + ha_alert("parsing [%s:%d] : '%s' requires either 'if' or 'unless' followed by a condition.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 1, &errmsg)) == NULL) { + ha_alert("parsing [%s:%d] : error detected while parsing a '%s' rule : %s.\n", + file, linenum, args[0], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + /* note: BE_REQ_CNT is the first one after FE_SET_BCK, which is + * where force-persist is applied. + */ + err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_REQ_CNT, file, linenum); + + rule = calloc(1, sizeof(*rule)); + rule->cond = cond; + if (!strcmp(args[0], "force-persist")) { + rule->type = PERSIST_TYPE_FORCE; + } else { + rule->type = PERSIST_TYPE_IGNORE; + } + LIST_INIT(&rule->list); + LIST_ADDQ(&curproxy->persist_rules, &rule->list); + } + else if (!strcmp(args[0], "stick-table")) { + int myidx = 1; + struct proxy *other; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : 'stick-table' is not supported in 'defaults' section.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + other = proxy_tbl_by_name(curproxy->id); + if (other) { + ha_alert("parsing [%s:%d] : stick-table name '%s' conflicts with table declared in %s '%s' at %s:%d.\n", + file, linenum, curproxy->id, proxy_type_str(other), other->id, other->conf.file, other->conf.line); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + curproxy->table.id = curproxy->id; + curproxy->table.type = (unsigned int)-1; + while (*args[myidx]) { + const char *err; + + if (strcmp(args[myidx], "size") == 0) { + myidx++; + if (!*(args[myidx])) { + ha_alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n", + file, linenum, args[myidx-1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if ((err = parse_size_err(args[myidx], &curproxy->table.size))) { + ha_alert("parsing [%s:%d] : stick-table: unexpected character '%c' in argument of '%s'.\n", + file, linenum, *err, args[myidx-1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + myidx++; + } + else if (strcmp(args[myidx], "peers") == 0) { + myidx++; + if (!*(args[myidx])) { + ha_alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n", + file, linenum, args[myidx-1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->table.peers.name = strdup(args[myidx++]); + } + else if (strcmp(args[myidx], "expire") == 0) { + myidx++; + if (!*(args[myidx])) { + ha_alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n", + file, linenum, args[myidx-1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + err = parse_time_err(args[myidx], &val, TIME_UNIT_MS); + if (err) { + ha_alert("parsing [%s:%d] : stick-table: unexpected character '%c' in argument of '%s'.\n", + file, linenum, *err, args[myidx-1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (val > INT_MAX) { + ha_alert("parsing [%s:%d] : Expire value [%u]ms exceeds maxmimum value of 24.85 days.\n", + file, linenum, val); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->table.expire = val; + myidx++; + } + else if (strcmp(args[myidx], "nopurge") == 0) { + curproxy->table.nopurge = 1; + myidx++; + } + else if (strcmp(args[myidx], "type") == 0) { + myidx++; + if (stktable_parse_type(args, &myidx, &curproxy->table.type, &curproxy->table.key_size) != 0) { + ha_alert("parsing [%s:%d] : stick-table: unknown type '%s'.\n", + file, linenum, args[myidx]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + /* myidx already points to next arg */ + } + else if (strcmp(args[myidx], "store") == 0) { + int type, err; + char *cw, *nw, *sa; + + myidx++; + nw = args[myidx]; + while (*nw) { + /* the "store" keyword supports a comma-separated list */ + cw = nw; + sa = NULL; /* store arg */ + while (*nw && *nw != ',') { + if (*nw == '(') { + *nw = 0; + sa = ++nw; + while (*nw != ')') { + if (!*nw) { + ha_alert("parsing [%s:%d] : %s: missing closing parenthesis after store option '%s'.\n", + file, linenum, args[0], cw); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + nw++; + } + *nw = '\0'; + } + nw++; + } + if (*nw) + *nw++ = '\0'; + type = stktable_get_data_type(cw); + if (type < 0) { + ha_alert("parsing [%s:%d] : %s: unknown store option '%s'.\n", + file, linenum, args[0], cw); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + err = stktable_alloc_data_type(&curproxy->table, type, sa); + switch (err) { + case PE_NONE: break; + case PE_EXIST: + ha_warning("parsing [%s:%d]: %s: store option '%s' already enabled, ignored.\n", + file, linenum, args[0], cw); + err_code |= ERR_WARN; + break; + + case PE_ARG_MISSING: + ha_alert("parsing [%s:%d] : %s: missing argument to store option '%s'.\n", + file, linenum, args[0], cw); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + + case PE_ARG_NOT_USED: + ha_alert("parsing [%s:%d] : %s: unexpected argument to store option '%s'.\n", + file, linenum, args[0], cw); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + + default: + ha_alert("parsing [%s:%d] : %s: error when processing store option '%s'.\n", + file, linenum, args[0], cw); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + myidx++; + } + else { + ha_alert("parsing [%s:%d] : stick-table: unknown argument '%s'.\n", + file, linenum, args[myidx]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + + if (!curproxy->table.size) { + ha_alert("parsing [%s:%d] : stick-table: missing size.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (curproxy->table.type == (unsigned int)-1) { + ha_alert("parsing [%s:%d] : stick-table: missing type.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "stick")) { + struct sticking_rule *rule; + struct sample_expr *expr; + int myidx = 0; + const char *name = NULL; + int flags; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) { + err_code |= ERR_WARN; + goto out; + } + + myidx++; + if ((strcmp(args[myidx], "store") == 0) || + (strcmp(args[myidx], "store-request") == 0)) { + myidx++; + flags = STK_IS_STORE; + } + else if (strcmp(args[myidx], "store-response") == 0) { + myidx++; + flags = STK_IS_STORE | STK_ON_RSP; + } + else if (strcmp(args[myidx], "match") == 0) { + myidx++; + flags = STK_IS_MATCH; + } + else if (strcmp(args[myidx], "on") == 0) { + myidx++; + flags = STK_IS_MATCH | STK_IS_STORE; + } + else { + ha_alert("parsing [%s:%d] : '%s' expects 'on', 'match', or 'store'.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (*(args[myidx]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects a fetch method.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + curproxy->conf.args.ctx = ARGC_STK; + expr = sample_parse_expr(args, &myidx, file, linenum, &errmsg, &curproxy->conf.args); + if (!expr) { + ha_alert("parsing [%s:%d] : '%s': %s\n", file, linenum, args[0], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (flags & STK_ON_RSP) { + if (!(expr->fetch->val & SMP_VAL_BE_STO_RUL)) { + ha_alert("parsing [%s:%d] : '%s': fetch method '%s' extracts information from '%s', none of which is available for 'store-response'.\n", + file, linenum, args[0], expr->fetch->kw, sample_src_names(expr->fetch->use)); + err_code |= ERR_ALERT | ERR_FATAL; + free(expr); + goto out; + } + } else { + if (!(expr->fetch->val & SMP_VAL_BE_SET_SRV)) { + ha_alert("parsing [%s:%d] : '%s': fetch method '%s' extracts information from '%s', none of which is available during request.\n", + file, linenum, args[0], expr->fetch->kw, sample_src_names(expr->fetch->use)); + err_code |= ERR_ALERT | ERR_FATAL; + free(expr); + goto out; + } + } + + /* check if we need to allocate an hdr_idx struct for HTTP parsing */ + curproxy->http_needed |= !!(expr->fetch->use & SMP_USE_HTTP_ANY); + + if (strcmp(args[myidx], "table") == 0) { + myidx++; + name = args[myidx++]; + } + + if (strcmp(args[myidx], "if") == 0 || strcmp(args[myidx], "unless") == 0) { + if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + myidx, &errmsg)) == NULL) { + ha_alert("parsing [%s:%d] : '%s': error detected while parsing sticking condition : %s.\n", + file, linenum, args[0], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + free(expr); + goto out; + } + } + else if (*(args[myidx])) { + ha_alert("parsing [%s:%d] : '%s': unknown keyword '%s'.\n", + file, linenum, args[0], args[myidx]); + err_code |= ERR_ALERT | ERR_FATAL; + free(expr); + goto out; + } + if (flags & STK_ON_RSP) + err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_STO_RUL, file, linenum); + else + err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_SET_SRV, file, linenum); + + rule = calloc(1, sizeof(*rule)); + rule->cond = cond; + rule->expr = expr; + rule->flags = flags; + rule->table.name = name ? strdup(name) : NULL; + LIST_INIT(&rule->list); + if (flags & STK_ON_RSP) + LIST_ADDQ(&curproxy->storersp_rules, &rule->list); + else + LIST_ADDQ(&curproxy->sticking_rules, &rule->list); + } + else if (!strcmp(args[0], "stats")) { + if (curproxy != &defproxy && curproxy->uri_auth == defproxy.uri_auth) + curproxy->uri_auth = NULL; /* we must detach from the default config */ + + if (!*args[1]) { + goto stats_error_parsing; + } else if (!strcmp(args[1], "admin")) { + struct stats_admin_rule *rule; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d]: '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!stats_check_init_uri_auth(&curproxy->uri_auth)) { + ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + + if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) { + ha_alert("parsing [%s:%d] : '%s %s' requires either 'if' or 'unless' followed by a condition.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 2, &errmsg)) == NULL) { + ha_alert("parsing [%s:%d] : error detected while parsing a '%s %s' rule : %s.\n", + file, linenum, args[0], args[1], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + err_code |= warnif_cond_conflicts(cond, + (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, + file, linenum); + + rule = calloc(1, sizeof(*rule)); + rule->cond = cond; + LIST_INIT(&rule->list); + LIST_ADDQ(&curproxy->uri_auth->admin_rules, &rule->list); + } else if (!strcmp(args[1], "uri")) { + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : 'uri' needs an URI prefix.\n", file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } else if (!stats_set_uri(&curproxy->uri_auth, args[2])) { + ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + } else if (!strcmp(args[1], "realm")) { + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : 'realm' needs an realm name.\n", file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } else if (!stats_set_realm(&curproxy->uri_auth, args[2])) { + ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + } else if (!strcmp(args[1], "refresh")) { + unsigned interval; + + err = parse_time_err(args[2], &interval, TIME_UNIT_S); + if (err) { + ha_alert("parsing [%s:%d] : unexpected character '%c' in stats refresh interval.\n", + file, linenum, *err); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } else if (!stats_set_refresh(&curproxy->uri_auth, interval)) { + ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + } else if (!strcmp(args[1], "http-request")) { /* request access control: allow/deny/auth */ + struct act_rule *rule; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!stats_check_init_uri_auth(&curproxy->uri_auth)) { + ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + + if (!LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules) && + !LIST_PREV(&curproxy->uri_auth->http_req_rules, struct act_rule *, list)->cond) { + ha_warning("parsing [%s:%d]: previous '%s' action has no condition attached, further entries are NOOP.\n", + file, linenum, args[0]); + err_code |= ERR_WARN; + } + + rule = parse_http_req_cond((const char **)args + 2, file, linenum, curproxy); + + if (!rule) { + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + + err_code |= warnif_cond_conflicts(rule->cond, + (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, + file, linenum); + LIST_ADDQ(&curproxy->uri_auth->http_req_rules, &rule->list); + + } else if (!strcmp(args[1], "auth")) { + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : 'auth' needs a user:password account.\n", file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } else if (!stats_add_auth(&curproxy->uri_auth, args[2])) { + ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + } else if (!strcmp(args[1], "scope")) { + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : 'scope' needs a proxy name.\n", file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } else if (!stats_add_scope(&curproxy->uri_auth, args[2])) { + ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + } else if (!strcmp(args[1], "enable")) { + if (!stats_check_init_uri_auth(&curproxy->uri_auth)) { + ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + } else if (!strcmp(args[1], "hide-version")) { + if (!stats_set_flag(&curproxy->uri_auth, ST_HIDEVER)) { + ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + } else if (!strcmp(args[1], "show-legends")) { + if (!stats_set_flag(&curproxy->uri_auth, ST_SHLGNDS)) { + ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + } else if (!strcmp(args[1], "show-node")) { + + if (*args[2]) { + int i; + char c; + + for (i=0; args[2][i]; i++) { + c = args[2][i]; + if (!isupper((unsigned char)c) && !islower((unsigned char)c) && + !isdigit((unsigned char)c) && c != '_' && c != '-' && c != '.') + break; + } + + if (!i || args[2][i]) { + ha_alert("parsing [%s:%d]: '%s %s' invalid node name - should be a string" + "with digits(0-9), letters(A-Z, a-z), hyphen(-) or underscode(_).\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + + if (!stats_set_node(&curproxy->uri_auth, args[2])) { + ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + } else if (!strcmp(args[1], "show-desc")) { + char *desc = NULL; + + if (*args[2]) { + int i, len=0; + char *d; + + for (i = 2; *args[i]; i++) + len += strlen(args[i]) + 1; + + desc = d = calloc(1, len); + + d += snprintf(d, desc + len - d, "%s", args[2]); + for (i = 3; *args[i]; i++) + d += snprintf(d, desc + len - d, " %s", args[i]); + } + + if (!*args[2] && !global.desc) + ha_warning("parsing [%s:%d]: '%s' requires a parameter or 'desc' to be set in the global section.\n", + file, linenum, args[1]); + else { + if (!stats_set_desc(&curproxy->uri_auth, desc)) { + free(desc); + ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum); + err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } + free(desc); + } + } else { +stats_error_parsing: + ha_alert("parsing [%s:%d]: %s '%s', expects 'admin', 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'.\n", + file, linenum, *args[1]?"unknown stats parameter":"missing keyword in", args[*args[1]?1:0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "option")) { + int optnum; + + if (*(args[1]) == '\0') { + ha_alert("parsing [%s:%d]: '%s' expects an option name.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + for (optnum = 0; cfg_opts[optnum].name; optnum++) { + if (!strcmp(args[1], cfg_opts[optnum].name)) { + if (cfg_opts[optnum].cap == PR_CAP_NONE) { + ha_alert("parsing [%s:%d]: option '%s' is not supported due to build options.\n", + file, linenum, cfg_opts[optnum].name); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + + if (warnifnotcap(curproxy, cfg_opts[optnum].cap, file, linenum, args[1], NULL)) { + err_code |= ERR_WARN; + goto out; + } + + curproxy->no_options &= ~cfg_opts[optnum].val; + curproxy->options &= ~cfg_opts[optnum].val; + + switch (kwm) { + case KWM_STD: + curproxy->options |= cfg_opts[optnum].val; + break; + case KWM_NO: + curproxy->no_options |= cfg_opts[optnum].val; + break; + case KWM_DEF: /* already cleared */ + break; + } + + goto out; + } + } + + for (optnum = 0; cfg_opts2[optnum].name; optnum++) { + if (!strcmp(args[1], cfg_opts2[optnum].name)) { + if (cfg_opts2[optnum].cap == PR_CAP_NONE) { + ha_alert("parsing [%s:%d]: option '%s' is not supported due to build options.\n", + file, linenum, cfg_opts2[optnum].name); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + if (warnifnotcap(curproxy, cfg_opts2[optnum].cap, file, linenum, args[1], NULL)) { + err_code |= ERR_WARN; + goto out; + } + + curproxy->no_options2 &= ~cfg_opts2[optnum].val; + curproxy->options2 &= ~cfg_opts2[optnum].val; + + switch (kwm) { + case KWM_STD: + curproxy->options2 |= cfg_opts2[optnum].val; + break; + case KWM_NO: + curproxy->no_options2 |= cfg_opts2[optnum].val; + break; + case KWM_DEF: /* already cleared */ + break; + } + goto out; + } + } + + /* HTTP options override each other. They can be cancelled using + * "no option xxx" which only switches to default mode if the mode + * was this one (useful for cancelling options set in defaults + * sections). + */ + if (strcmp(args[1], "httpclose") == 0 || strcmp(args[1], "forceclose") == 0) { + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + if (kwm == KWM_STD) { + curproxy->options &= ~PR_O_HTTP_MODE; + curproxy->options |= PR_O_HTTP_CLO; + goto out; + } + else if (kwm == KWM_NO) { + if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_CLO) + curproxy->options &= ~PR_O_HTTP_MODE; + goto out; + } + } + else if (strcmp(args[1], "http-server-close") == 0) { + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + if (kwm == KWM_STD) { + curproxy->options &= ~PR_O_HTTP_MODE; + curproxy->options |= PR_O_HTTP_SCL; + goto out; + } + else if (kwm == KWM_NO) { + if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_SCL) + curproxy->options &= ~PR_O_HTTP_MODE; + goto out; + } + } + else if (strcmp(args[1], "http-keep-alive") == 0) { + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + if (kwm == KWM_STD) { + curproxy->options &= ~PR_O_HTTP_MODE; + curproxy->options |= PR_O_HTTP_KAL; + goto out; + } + else if (kwm == KWM_NO) { + if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_KAL) + curproxy->options &= ~PR_O_HTTP_MODE; + goto out; + } + } + else if (strcmp(args[1], "http-tunnel") == 0) { + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[1], NULL)) { + err_code |= ERR_WARN; + goto out; + } + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + if (kwm == KWM_STD) { + curproxy->options &= ~PR_O_HTTP_MODE; + curproxy->options |= PR_O_HTTP_TUN; + goto out; + } + else if (kwm == KWM_NO) { + if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN) + curproxy->options &= ~PR_O_HTTP_MODE; + goto out; + } + } + + /* Redispatch can take an integer argument that control when the + * resispatch occurs. All values are relative to the retries option. + * This can be cancelled using "no option xxx". + */ + if (strcmp(args[1], "redispatch") == 0) { + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) { + err_code |= ERR_WARN; + goto out; + } + + curproxy->no_options &= ~PR_O_REDISP; + curproxy->options &= ~PR_O_REDISP; + + switch (kwm) { + case KWM_STD: + curproxy->options |= PR_O_REDISP; + curproxy->redispatch_after = -1; + if(*args[2]) { + curproxy->redispatch_after = atol(args[2]); + } + break; + case KWM_NO: + curproxy->no_options |= PR_O_REDISP; + curproxy->redispatch_after = 0; + break; + case KWM_DEF: /* already cleared */ + break; + } + goto out; + } + + if (kwm != KWM_STD) { + ha_alert("parsing [%s:%d]: negation/default is not supported for option '%s'.\n", + file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!strcmp(args[1], "httplog")) { + char *logformat; + /* generate a complete HTTP log */ + logformat = default_http_log_format; + if (*(args[2]) != '\0') { + if (!strcmp(args[2], "clf")) { + curproxy->options2 |= PR_O2_CLFLOG; + logformat = clf_http_log_format; + } else { + ha_alert("parsing [%s:%d] : keyword '%s' only supports option 'clf'.\n", file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (alertif_too_many_args_idx(1, 1, file, linenum, args, &err_code)) + goto out; + } + if (curproxy->conf.logformat_string && curproxy == &defproxy) { + char *oldlogformat = "log-format"; + char *clflogformat = ""; + + if (curproxy->conf.logformat_string == default_http_log_format) + oldlogformat = "option httplog"; + else if (curproxy->conf.logformat_string == default_tcp_log_format) + oldlogformat = "option tcplog"; + else if (curproxy->conf.logformat_string == clf_http_log_format) + oldlogformat = "option httplog clf"; + if (logformat == clf_http_log_format) + clflogformat = " clf"; + ha_warning("parsing [%s:%d]: 'option httplog%s' overrides previous '%s' in 'defaults' section.\n", + file, linenum, clflogformat, oldlogformat); + } + if (curproxy->conf.logformat_string != default_http_log_format && + curproxy->conf.logformat_string != default_tcp_log_format && + curproxy->conf.logformat_string != clf_http_log_format) + free(curproxy->conf.logformat_string); + curproxy->conf.logformat_string = logformat; + + free(curproxy->conf.lfs_file); + curproxy->conf.lfs_file = strdup(curproxy->conf.args.file); + curproxy->conf.lfs_line = curproxy->conf.args.line; + + if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) { + ha_warning("parsing [%s:%d] : backend '%s' : 'option httplog' directive is ignored in backends.\n", + file, linenum, curproxy->id); + err_code |= ERR_WARN; + } + } + else if (!strcmp(args[1], "tcplog")) { + if (curproxy->conf.logformat_string && curproxy == &defproxy) { + char *oldlogformat = "log-format"; + + if (curproxy->conf.logformat_string == default_http_log_format) + oldlogformat = "option httplog"; + else if (curproxy->conf.logformat_string == default_tcp_log_format) + oldlogformat = "option tcplog"; + else if (curproxy->conf.logformat_string == clf_http_log_format) + oldlogformat = "option httplog clf"; + ha_warning("parsing [%s:%d]: 'option tcplog' overrides previous '%s' in 'defaults' section.\n", + file, linenum, oldlogformat); + } + /* generate a detailed TCP log */ + if (curproxy->conf.logformat_string != default_http_log_format && + curproxy->conf.logformat_string != default_tcp_log_format && + curproxy->conf.logformat_string != clf_http_log_format) + free(curproxy->conf.logformat_string); + curproxy->conf.logformat_string = default_tcp_log_format; + + free(curproxy->conf.lfs_file); + curproxy->conf.lfs_file = strdup(curproxy->conf.args.file); + curproxy->conf.lfs_line = curproxy->conf.args.line; + + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + + if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) { + ha_warning("parsing [%s:%d] : backend '%s' : 'option tcplog' directive is ignored in backends.\n", + file, linenum, curproxy->id); + err_code |= ERR_WARN; + } + } + else if (!strcmp(args[1], "tcpka")) { + /* enable TCP keep-alives on client and server streams */ + if (warnifnotcap(curproxy, PR_CAP_BE | PR_CAP_FE, file, linenum, args[1], NULL)) + err_code |= ERR_WARN; + + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + + if (curproxy->cap & PR_CAP_FE) + curproxy->options |= PR_O_TCP_CLI_KA; + if (curproxy->cap & PR_CAP_BE) + curproxy->options |= PR_O_TCP_SRV_KA; + } + else if (!strcmp(args[1], "httpchk")) { + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) + err_code |= ERR_WARN; + + /* use HTTP request to check servers' health */ + free(curproxy->check_req); + curproxy->check_req = NULL; + curproxy->options2 &= ~PR_O2_CHK_ANY; + curproxy->options2 |= PR_O2_HTTP_CHK; + if (!*args[2]) { /* no argument */ + curproxy->check_req = strdup(DEF_CHECK_REQ); /* default request */ + curproxy->check_len = strlen(DEF_CHECK_REQ); + } else if (!*args[3]) { /* one argument : URI */ + int reqlen = strlen(args[2]) + strlen("OPTIONS HTTP/1.0\r\n") + 1; + curproxy->check_req = malloc(reqlen); + curproxy->check_len = snprintf(curproxy->check_req, reqlen, + "OPTIONS %s HTTP/1.0\r\n", args[2]); /* URI to use */ + } else { /* more arguments : METHOD URI [HTTP_VER] */ + int reqlen = strlen(args[2]) + strlen(args[3]) + 3 + strlen("\r\n"); + if (*args[4]) + reqlen += strlen(args[4]); + else + reqlen += strlen("HTTP/1.0"); + + curproxy->check_req = malloc(reqlen); + curproxy->check_len = snprintf(curproxy->check_req, reqlen, + "%s %s %s\r\n", args[2], args[3], *args[4]?args[4]:"HTTP/1.0"); + } + if (alertif_too_many_args_idx(3, 1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[1], "ssl-hello-chk")) { + /* use SSLv3 CLIENT HELLO to check servers' health */ + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) + err_code |= ERR_WARN; + + free(curproxy->check_req); + curproxy->check_req = NULL; + curproxy->options2 &= ~PR_O2_CHK_ANY; + curproxy->options2 |= PR_O2_SSL3_CHK; + + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[1], "smtpchk")) { + /* use SMTP request to check servers' health */ + free(curproxy->check_req); + curproxy->check_req = NULL; + curproxy->options2 &= ~PR_O2_CHK_ANY; + curproxy->options2 |= PR_O2_SMTP_CHK; + + if (!*args[2] || !*args[3]) { /* no argument or incomplete EHLO host */ + curproxy->check_req = strdup(DEF_SMTP_CHECK_REQ); /* default request */ + curproxy->check_len = strlen(DEF_SMTP_CHECK_REQ); + } else { /* ESMTP EHLO, or SMTP HELO, and a hostname */ + if (!strcmp(args[2], "EHLO") || !strcmp(args[2], "HELO")) { + int reqlen = strlen(args[2]) + strlen(args[3]) + strlen(" \r\n") + 1; + curproxy->check_req = malloc(reqlen); + curproxy->check_len = snprintf(curproxy->check_req, reqlen, + "%s %s\r\n", args[2], args[3]); /* HELO hostname */ + } else { + /* this just hits the default for now, but you could potentially expand it to allow for other stuff + though, it's unlikely you'd want to send anything other than an EHLO or HELO */ + curproxy->check_req = strdup(DEF_SMTP_CHECK_REQ); /* default request */ + curproxy->check_len = strlen(DEF_SMTP_CHECK_REQ); + } + } + if (alertif_too_many_args_idx(2, 1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[1], "pgsql-check")) { + /* use PostgreSQL request to check servers' health */ + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) + err_code |= ERR_WARN; + + free(curproxy->check_req); + curproxy->check_req = NULL; + curproxy->options2 &= ~PR_O2_CHK_ANY; + curproxy->options2 |= PR_O2_PGSQL_CHK; + + if (*(args[2])) { + int cur_arg = 2; + + while (*(args[cur_arg])) { + if (strcmp(args[cur_arg], "user") == 0) { + char * packet; + uint32_t packet_len; + uint32_t pv; + + /* suboption header - needs additional argument for it */ + if (*(args[cur_arg+1]) == 0) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", + file, linenum, args[0], args[1], args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + /* uint32_t + uint32_t + strlen("user")+1 + strlen(username)+1 + 1 */ + packet_len = 4 + 4 + 5 + strlen(args[cur_arg + 1])+1 +1; + pv = htonl(0x30000); /* protocol version 3.0 */ + + packet = calloc(1, packet_len); + + memcpy(packet + 4, &pv, 4); + + /* copy "user" */ + memcpy(packet + 8, "user", 4); + + /* copy username */ + memcpy(packet + 13, args[cur_arg+1], strlen(args[cur_arg+1])); + + free(curproxy->check_req); + curproxy->check_req = packet; + curproxy->check_len = packet_len; + + packet_len = htonl(packet_len); + memcpy(packet, &packet_len, 4); + cur_arg += 2; + } else { + /* unknown suboption - catchall */ + ha_alert("parsing [%s:%d] : '%s %s' only supports optional values: 'user'.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } /* end while loop */ + } + if (alertif_too_many_args_idx(2, 1, file, linenum, args, &err_code)) + goto out; + } + + else if (!strcmp(args[1], "redis-check")) { + /* use REDIS PING request to check servers' health */ + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) + err_code |= ERR_WARN; + + free(curproxy->check_req); + curproxy->check_req = NULL; + curproxy->options2 &= ~PR_O2_CHK_ANY; + curproxy->options2 |= PR_O2_REDIS_CHK; + + curproxy->check_req = malloc(sizeof(DEF_REDIS_CHECK_REQ) - 1); + memcpy(curproxy->check_req, DEF_REDIS_CHECK_REQ, sizeof(DEF_REDIS_CHECK_REQ) - 1); + curproxy->check_len = sizeof(DEF_REDIS_CHECK_REQ) - 1; + + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + + else if (!strcmp(args[1], "mysql-check")) { + /* use MYSQL request to check servers' health */ + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) + err_code |= ERR_WARN; + + free(curproxy->check_req); + curproxy->check_req = NULL; + curproxy->options2 &= ~PR_O2_CHK_ANY; + curproxy->options2 |= PR_O2_MYSQL_CHK; + + /* This is an example of a MySQL >=4.0 client Authentication packet kindly provided by Cyril Bonte. + * const char mysql40_client_auth_pkt[] = { + * "\x0e\x00\x00" // packet length + * "\x01" // packet number + * "\x00\x00" // client capabilities + * "\x00\x00\x01" // max packet + * "haproxy\x00" // username (null terminated string) + * "\x00" // filler (always 0x00) + * "\x01\x00\x00" // packet length + * "\x00" // packet number + * "\x01" // COM_QUIT command + * }; + */ + + /* This is an example of a MySQL >=4.1 client Authentication packet provided by Nenad Merdanovic. + * const char mysql41_client_auth_pkt[] = { + * "\x0e\x00\x00\" // packet length + * "\x01" // packet number + * "\x00\x00\x00\x00" // client capabilities + * "\x00\x00\x00\x01" // max packet + * "\x21" // character set (UTF-8) + * char[23] // All zeroes + * "haproxy\x00" // username (null terminated string) + * "\x00" // filler (always 0x00) + * "\x01\x00\x00" // packet length + * "\x00" // packet number + * "\x01" // COM_QUIT command + * }; + */ + + + if (*(args[2])) { + int cur_arg = 2; + + while (*(args[cur_arg])) { + if (strcmp(args[cur_arg], "user") == 0) { + char *mysqluser; + int packetlen, reqlen, userlen; + + /* suboption header - needs additional argument for it */ + if (*(args[cur_arg+1]) == 0) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", + file, linenum, args[0], args[1], args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + mysqluser = args[cur_arg + 1]; + userlen = strlen(mysqluser); + + if (*(args[cur_arg+2])) { + if (!strcmp(args[cur_arg+2], "post-41")) { + packetlen = userlen + 7 + 27; + reqlen = packetlen + 9; + + free(curproxy->check_req); + curproxy->check_req = calloc(1, reqlen); + curproxy->check_len = reqlen; + + snprintf(curproxy->check_req, 4, "%c%c%c", + ((unsigned char) packetlen & 0xff), + ((unsigned char) (packetlen >> 8) & 0xff), + ((unsigned char) (packetlen >> 16) & 0xff)); + + curproxy->check_req[3] = 1; + curproxy->check_req[5] = 0x82; // 130 + curproxy->check_req[11] = 1; + curproxy->check_req[12] = 33; + memcpy(&curproxy->check_req[36], mysqluser, userlen); + curproxy->check_req[36 + userlen + 1 + 1] = 1; + curproxy->check_req[36 + userlen + 1 + 1 + 4] = 1; + cur_arg += 3; + } else { + ha_alert("parsing [%s:%d] : keyword '%s' only supports option 'post-41'.\n", file, linenum, args[cur_arg+2]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } else { + packetlen = userlen + 7; + reqlen = packetlen + 9; + + free(curproxy->check_req); + curproxy->check_req = calloc(1, reqlen); + curproxy->check_len = reqlen; + + snprintf(curproxy->check_req, 4, "%c%c%c", + ((unsigned char) packetlen & 0xff), + ((unsigned char) (packetlen >> 8) & 0xff), + ((unsigned char) (packetlen >> 16) & 0xff)); + + curproxy->check_req[3] = 1; + curproxy->check_req[5] = 0x80; + curproxy->check_req[8] = 1; + memcpy(&curproxy->check_req[9], mysqluser, userlen); + curproxy->check_req[9 + userlen + 1 + 1] = 1; + curproxy->check_req[9 + userlen + 1 + 1 + 4] = 1; + cur_arg += 2; + } + } else { + /* unknown suboption - catchall */ + ha_alert("parsing [%s:%d] : '%s %s' only supports optional values: 'user'.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } /* end while loop */ + } + } + else if (!strcmp(args[1], "ldap-check")) { + /* use LDAP request to check servers' health */ + free(curproxy->check_req); + curproxy->check_req = NULL; + curproxy->options2 &= ~PR_O2_CHK_ANY; + curproxy->options2 |= PR_O2_LDAP_CHK; + + curproxy->check_req = malloc(sizeof(DEF_LDAP_CHECK_REQ) - 1); + memcpy(curproxy->check_req, DEF_LDAP_CHECK_REQ, sizeof(DEF_LDAP_CHECK_REQ) - 1); + curproxy->check_len = sizeof(DEF_LDAP_CHECK_REQ) - 1; + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[1], "spop-check")) { + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (curproxy->cap & PR_CAP_FE) { + ha_alert("parsing [%s:%d] : '%s %s' not allowed in 'frontend' and 'listen' sections.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + /* use SPOE request to check servers' health */ + free(curproxy->check_req); + curproxy->check_req = NULL; + curproxy->options2 &= ~PR_O2_CHK_ANY; + curproxy->options2 |= PR_O2_SPOP_CHK; + + if (spoe_prepare_healthcheck_request(&curproxy->check_req, &curproxy->check_len)) { + ha_alert("parsing [%s:%d] : failed to prepare SPOP healthcheck request.\n", file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[1], "tcp-check")) { + /* use raw TCPCHK send/expect to check servers' health */ + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) + err_code |= ERR_WARN; + + free(curproxy->check_req); + curproxy->check_req = NULL; + curproxy->options2 &= ~PR_O2_CHK_ANY; + curproxy->options2 |= PR_O2_TCPCHK_CHK; + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[1], "external-check")) { + /* excute an external command to check servers' health */ + free(curproxy->check_req); + curproxy->check_req = NULL; + curproxy->options2 &= ~PR_O2_CHK_ANY; + curproxy->options2 |= PR_O2_EXT_CHK; + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[1], "forwardfor")) { + int cur_arg; + + /* insert x-forwarded-for field, but not for the IP address listed as an except. + * set default options (ie: bitfield, header name, etc) + */ + + curproxy->options |= PR_O_FWDFOR | PR_O_FF_ALWAYS; + + free(curproxy->fwdfor_hdr_name); + curproxy->fwdfor_hdr_name = strdup(DEF_XFORWARDFOR_HDR); + curproxy->fwdfor_hdr_len = strlen(DEF_XFORWARDFOR_HDR); + + /* loop to go through arguments - start at 2, since 0+1 = "option" "forwardfor" */ + cur_arg = 2; + while (*(args[cur_arg])) { + if (!strcmp(args[cur_arg], "except")) { + /* suboption except - needs additional argument for it */ + if (!*(args[cur_arg+1]) || !str2net(args[cur_arg+1], 1, &curproxy->except_net, &curproxy->except_mask)) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects
[/mask] as argument.\n", + file, linenum, args[0], args[1], args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + /* flush useless bits */ + curproxy->except_net.s_addr &= curproxy->except_mask.s_addr; + cur_arg += 2; + } else if (!strcmp(args[cur_arg], "header")) { + /* suboption header - needs additional argument for it */ + if (*(args[cur_arg+1]) == 0) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", + file, linenum, args[0], args[1], args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->fwdfor_hdr_name); + curproxy->fwdfor_hdr_name = strdup(args[cur_arg+1]); + curproxy->fwdfor_hdr_len = strlen(curproxy->fwdfor_hdr_name); + cur_arg += 2; + } else if (!strcmp(args[cur_arg], "if-none")) { + curproxy->options &= ~PR_O_FF_ALWAYS; + cur_arg += 1; + } else { + /* unknown suboption - catchall */ + ha_alert("parsing [%s:%d] : '%s %s' only supports optional values: 'except', 'header' and 'if-none'.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } /* end while loop */ + } + else if (!strcmp(args[1], "originalto")) { + int cur_arg; + + /* insert x-original-to field, but not for the IP address listed as an except. + * set default options (ie: bitfield, header name, etc) + */ + + curproxy->options |= PR_O_ORGTO; + + free(curproxy->orgto_hdr_name); + curproxy->orgto_hdr_name = strdup(DEF_XORIGINALTO_HDR); + curproxy->orgto_hdr_len = strlen(DEF_XORIGINALTO_HDR); + + /* loop to go through arguments - start at 2, since 0+1 = "option" "originalto" */ + cur_arg = 2; + while (*(args[cur_arg])) { + if (!strcmp(args[cur_arg], "except")) { + /* suboption except - needs additional argument for it */ + if (!*(args[cur_arg+1]) || !str2net(args[cur_arg+1], 1, &curproxy->except_to, &curproxy->except_mask_to)) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects
[/mask] as argument.\n", + file, linenum, args[0], args[1], args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + /* flush useless bits */ + curproxy->except_to.s_addr &= curproxy->except_mask_to.s_addr; + cur_arg += 2; + } else if (!strcmp(args[cur_arg], "header")) { + /* suboption header - needs additional argument for it */ + if (*(args[cur_arg+1]) == 0) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", + file, linenum, args[0], args[1], args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->orgto_hdr_name); + curproxy->orgto_hdr_name = strdup(args[cur_arg+1]); + curproxy->orgto_hdr_len = strlen(curproxy->orgto_hdr_name); + cur_arg += 2; + } else { + /* unknown suboption - catchall */ + ha_alert("parsing [%s:%d] : '%s %s' only supports optional values: 'except' and 'header'.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } /* end while loop */ + } + else { + ha_alert("parsing [%s:%d] : unknown option '%s'.\n", file, linenum, args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + goto out; + } + else if (!strcmp(args[0], "default_backend")) { + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects a backend name.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->defbe.name); + curproxy->defbe.name = strdup(args[1]); + + if (alertif_too_many_args_idx(1, 0, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[0], "redispatch") || !strcmp(args[0], "redisp")) { + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (!already_warned(WARN_REDISPATCH_DEPRECATED)) + ha_warning("parsing [%s:%d]: keyword '%s' is deprecated in favor of 'option redispatch', and will not be supported by future versions.\n", + file, linenum, args[0]); + err_code |= ERR_WARN; + /* enable reconnections to dispatch */ + curproxy->options |= PR_O_REDISP; + + if (alertif_too_many_args_idx(1, 0, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[0], "http-reuse")) { + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (strcmp(args[1], "never") == 0) { + /* enable a graceful server shutdown on an HTTP 404 response */ + curproxy->options &= ~PR_O_REUSE_MASK; + curproxy->options |= PR_O_REUSE_NEVR; + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else if (strcmp(args[1], "safe") == 0) { + /* enable a graceful server shutdown on an HTTP 404 response */ + curproxy->options &= ~PR_O_REUSE_MASK; + curproxy->options |= PR_O_REUSE_SAFE; + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else if (strcmp(args[1], "aggressive") == 0) { + curproxy->options &= ~PR_O_REUSE_MASK; + curproxy->options |= PR_O_REUSE_AGGR; + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else if (strcmp(args[1], "always") == 0) { + /* enable a graceful server shutdown on an HTTP 404 response */ + curproxy->options &= ~PR_O_REUSE_MASK; + curproxy->options |= PR_O_REUSE_ALWS; + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else { + ha_alert("parsing [%s:%d] : '%s' only supports 'never', 'safe', 'aggressive', 'always'.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "http-check")) { + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (strcmp(args[1], "disable-on-404") == 0) { + /* enable a graceful server shutdown on an HTTP 404 response */ + curproxy->options |= PR_O_DISABLE404; + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else if (strcmp(args[1], "send-state") == 0) { + /* enable emission of the apparent state of a server in HTTP checks */ + curproxy->options2 |= PR_O2_CHK_SNDST; + if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) + goto out; + } + else if (strcmp(args[1], "expect") == 0) { + const char *ptr_arg; + int cur_arg; + + if (curproxy->options2 & PR_O2_EXP_TYPE) { + ha_alert("parsing [%s:%d] : '%s %s' already specified.\n", file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + cur_arg = 2; + /* consider exclamation marks, sole or at the beginning of a word */ + while (*(ptr_arg = args[cur_arg])) { + while (*ptr_arg == '!') { + curproxy->options2 ^= PR_O2_EXP_INV; + ptr_arg++; + } + if (*ptr_arg) + break; + cur_arg++; + } + /* now ptr_arg points to the beginning of a word past any possible + * exclamation mark, and cur_arg is the argument which holds this word. + */ + if (strcmp(ptr_arg, "status") == 0) { + if (!*(args[cur_arg + 1])) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", + file, linenum, args[0], args[1], ptr_arg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->options2 |= PR_O2_EXP_STS; + free(curproxy->expect_str); + curproxy->expect_str = strdup(args[cur_arg + 1]); + } + else if (strcmp(ptr_arg, "string") == 0) { + if (!*(args[cur_arg + 1])) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", + file, linenum, args[0], args[1], ptr_arg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->options2 |= PR_O2_EXP_STR; + free(curproxy->expect_str); + curproxy->expect_str = strdup(args[cur_arg + 1]); + } + else if (strcmp(ptr_arg, "rstatus") == 0) { + if (!*(args[cur_arg + 1])) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", + file, linenum, args[0], args[1], ptr_arg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->options2 |= PR_O2_EXP_RSTS; + free(curproxy->expect_str); + if (curproxy->expect_regex) { + regex_free(curproxy->expect_regex); + free(curproxy->expect_regex); + curproxy->expect_regex = NULL; + } + curproxy->expect_str = strdup(args[cur_arg + 1]); + curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex)); + error = NULL; + if (!regex_comp(args[cur_arg + 1], curproxy->expect_regex, 1, 1, &error)) { + ha_alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n", + file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error); + free(error); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (strcmp(ptr_arg, "rstring") == 0) { + if (!*(args[cur_arg + 1])) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", + file, linenum, args[0], args[1], ptr_arg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->options2 |= PR_O2_EXP_RSTR; + free(curproxy->expect_str); + if (curproxy->expect_regex) { + regex_free(curproxy->expect_regex); + free(curproxy->expect_regex); + curproxy->expect_regex = NULL; + } + curproxy->expect_str = strdup(args[cur_arg + 1]); + curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex)); + error = NULL; + if (!regex_comp(args[cur_arg + 1], curproxy->expect_regex, 1, 1, &error)) { + ha_alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n", + file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error); + free(error); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else { + ha_alert("parsing [%s:%d] : '%s %s' only supports [!] 'status', 'string', 'rstatus', 'rstring', found '%s'.\n", + file, linenum, args[0], args[1], ptr_arg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else { + ha_alert("parsing [%s:%d] : '%s' only supports 'disable-on-404', 'send-state', 'expect'.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "tcp-check")) { + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (strcmp(args[1], "comment") == 0) { + int cur_arg; + struct tcpcheck_rule *tcpcheck; + + cur_arg = 1; + tcpcheck = calloc(1, sizeof(*tcpcheck)); + tcpcheck->action = TCPCHK_ACT_COMMENT; + + if (!*args[cur_arg + 1]) { + ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", + file, linenum, args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + tcpcheck->comment = strdup(args[cur_arg + 1]); + + LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); + if (alertif_too_many_args_idx(1, 1, file, linenum, args, &err_code)) + goto out; + } + else if (strcmp(args[1], "connect") == 0) { + const char *ptr_arg; + int cur_arg; + struct tcpcheck_rule *tcpcheck; + + /* check if first rule is also a 'connect' action */ + tcpcheck = LIST_NEXT(&curproxy->tcpcheck_rules, struct tcpcheck_rule *, list); + while (&tcpcheck->list != &curproxy->tcpcheck_rules && + tcpcheck->action == TCPCHK_ACT_COMMENT) { + tcpcheck = LIST_NEXT(&tcpcheck->list, struct tcpcheck_rule *, list); + } + + if (&tcpcheck->list != &curproxy->tcpcheck_rules + && tcpcheck->action != TCPCHK_ACT_CONNECT) { + ha_alert("parsing [%s:%d] : first step MUST also be a 'connect' when there is a 'connect' step in the tcp-check ruleset.\n", + file, linenum); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + cur_arg = 2; + tcpcheck = calloc(1, sizeof(*tcpcheck)); + tcpcheck->action = TCPCHK_ACT_CONNECT; + + /* parsing each parameters to fill up the rule */ + while (*(ptr_arg = args[cur_arg])) { + /* tcp port */ + if (strcmp(args[cur_arg], "port") == 0) { + if ( (atol(args[cur_arg + 1]) > 65535) || + (atol(args[cur_arg + 1]) < 1) ){ + ha_alert("parsing [%s:%d] : '%s %s %s' expects a valid TCP port (from range 1 to 65535), got %s.\n", + file, linenum, args[0], args[1], "port", args[cur_arg + 1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + tcpcheck->port = atol(args[cur_arg + 1]); + cur_arg += 2; + } + /* send proxy protocol */ + else if (strcmp(args[cur_arg], "send-proxy") == 0) { + tcpcheck->conn_opts |= TCPCHK_OPT_SEND_PROXY; + cur_arg++; + } +#ifdef USE_OPENSSL + else if (strcmp(args[cur_arg], "ssl") == 0) { + curproxy->options |= PR_O_TCPCHK_SSL; + tcpcheck->conn_opts |= TCPCHK_OPT_SSL; + cur_arg++; + } +#endif /* USE_OPENSSL */ + /* comment for this tcpcheck line */ + else if (strcmp(args[cur_arg], "comment") == 0) { + if (!*args[cur_arg + 1]) { + ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", + file, linenum, args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + tcpcheck->comment = strdup(args[cur_arg + 1]); + cur_arg += 2; + } + else { +#ifdef USE_OPENSSL + ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or 'ssl' but got '%s' as argument.\n", +#else /* USE_OPENSSL */ + ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or but got '%s' as argument.\n", +#endif /* USE_OPENSSL */ + file, linenum, args[0], args[1], args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + } + + LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); + } + else if (strcmp(args[1], "send") == 0) { + if (! *(args[2]) ) { + /* SEND string expected */ + ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", + file, linenum, args[0], args[1], args[2]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } else { + struct tcpcheck_rule *tcpcheck; + + tcpcheck = calloc(1, sizeof(*tcpcheck)); + + tcpcheck->action = TCPCHK_ACT_SEND; + tcpcheck->string_len = strlen(args[2]); + tcpcheck->string = strdup(args[2]); + tcpcheck->expect_regex = NULL; + + /* comment for this tcpcheck line */ + if (strcmp(args[3], "comment") == 0) { + if (!*args[4]) { + ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", + file, linenum, args[3]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + tcpcheck->comment = strdup(args[4]); + } + + LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); + } + } + else if (strcmp(args[1], "send-binary") == 0) { + if (! *(args[2]) ) { + /* SEND binary string expected */ + ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", + file, linenum, args[0], args[1], args[2]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } else { + struct tcpcheck_rule *tcpcheck; + char *err = NULL; + + tcpcheck = calloc(1, sizeof(*tcpcheck)); + + tcpcheck->action = TCPCHK_ACT_SEND; + if (parse_binary(args[2], &tcpcheck->string, &tcpcheck->string_len, &err) == 0) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument, but %s\n", + file, linenum, args[0], args[1], args[2], err); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + tcpcheck->expect_regex = NULL; + + /* comment for this tcpcheck line */ + if (strcmp(args[3], "comment") == 0) { + if (!*args[4]) { + ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", + file, linenum, args[3]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + tcpcheck->comment = strdup(args[4]); + } + + LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); + } + } + else if (strcmp(args[1], "expect") == 0) { + const char *ptr_arg; + int cur_arg; + int inverse = 0; + + if (curproxy->options2 & PR_O2_EXP_TYPE) { + ha_alert("parsing [%s:%d] : '%s %s' already specified.\n", file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + cur_arg = 2; + /* consider exclamation marks, sole or at the beginning of a word */ + while (*(ptr_arg = args[cur_arg])) { + while (*ptr_arg == '!') { + inverse = !inverse; + ptr_arg++; + } + if (*ptr_arg) + break; + cur_arg++; + } + /* now ptr_arg points to the beginning of a word past any possible + * exclamation mark, and cur_arg is the argument which holds this word. + */ + if (strcmp(ptr_arg, "binary") == 0) { + struct tcpcheck_rule *tcpcheck; + char *err = NULL; + + if (!*(args[cur_arg + 1])) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", + file, linenum, args[0], args[1], ptr_arg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + tcpcheck = calloc(1, sizeof(*tcpcheck)); + + tcpcheck->action = TCPCHK_ACT_EXPECT; + if (parse_binary(args[cur_arg + 1], &tcpcheck->string, &tcpcheck->string_len, &err) == 0) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument, but %s\n", + file, linenum, args[0], args[1], args[2], err); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + tcpcheck->expect_regex = NULL; + tcpcheck->inverse = inverse; + + /* tcpcheck comment */ + cur_arg += 2; + if (strcmp(args[cur_arg], "comment") == 0) { + if (!*args[cur_arg + 1]) { + ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", + file, linenum, args[cur_arg + 1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + tcpcheck->comment = strdup(args[cur_arg + 1]); + } + + LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); + } + else if (strcmp(ptr_arg, "string") == 0) { + struct tcpcheck_rule *tcpcheck; + + if (!*(args[cur_arg + 1])) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", + file, linenum, args[0], args[1], ptr_arg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + tcpcheck = calloc(1, sizeof(*tcpcheck)); + + tcpcheck->action = TCPCHK_ACT_EXPECT; + tcpcheck->string_len = strlen(args[cur_arg + 1]); + tcpcheck->string = strdup(args[cur_arg + 1]); + tcpcheck->expect_regex = NULL; + tcpcheck->inverse = inverse; + + /* tcpcheck comment */ + cur_arg += 2; + if (strcmp(args[cur_arg], "comment") == 0) { + if (!*args[cur_arg + 1]) { + ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", + file, linenum, args[cur_arg + 1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + tcpcheck->comment = strdup(args[cur_arg + 1]); + } + + LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); + } + else if (strcmp(ptr_arg, "rstring") == 0) { + struct tcpcheck_rule *tcpcheck; + + if (!*(args[cur_arg + 1])) { + ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", + file, linenum, args[0], args[1], ptr_arg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + tcpcheck = calloc(1, sizeof(*tcpcheck)); + + tcpcheck->action = TCPCHK_ACT_EXPECT; + tcpcheck->string_len = 0; + tcpcheck->string = NULL; + tcpcheck->expect_regex = calloc(1, sizeof(*tcpcheck->expect_regex)); + error = NULL; + if (!regex_comp(args[cur_arg + 1], tcpcheck->expect_regex, 1, 1, &error)) { + ha_alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n", + file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error); + free(error); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + tcpcheck->inverse = inverse; + + /* tcpcheck comment */ + cur_arg += 2; + if (strcmp(args[cur_arg], "comment") == 0) { + if (!*args[cur_arg + 1]) { + ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", + file, linenum, args[cur_arg + 1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + tcpcheck->comment = strdup(args[cur_arg + 1]); + } + + LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); + } + else { + ha_alert("parsing [%s:%d] : '%s %s' only supports [!] 'binary', 'string', 'rstring', found '%s'.\n", + file, linenum, args[0], args[1], ptr_arg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else { + ha_alert("parsing [%s:%d] : '%s' only supports 'comment', 'connect', 'send' or 'expect'.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "monitor")) { + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (strcmp(args[1], "fail") == 0) { + /* add a condition to fail monitor requests */ + if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) { + ha_alert("parsing [%s:%d] : '%s %s' requires either 'if' or 'unless' followed by a condition.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + err_code |= warnif_misplaced_monitor(curproxy, file, linenum, "monitor fail"); + if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 2, &errmsg)) == NULL) { + ha_alert("parsing [%s:%d] : error detected while parsing a '%s %s' condition : %s.\n", + file, linenum, args[0], args[1], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + LIST_ADDQ(&curproxy->mon_fail_cond, &cond->list); + } + else { + ha_alert("parsing [%s:%d] : '%s' only supports 'fail'.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } +#ifdef TPROXY + else if (!strcmp(args[0], "transparent")) { + /* enable transparent proxy connections */ + curproxy->options |= PR_O_TRANSP; + if (alertif_too_many_args(0, file, linenum, args, &err_code)) + goto out; + } +#endif + else if (!strcmp(args[0], "maxconn")) { /* maxconn */ + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], " Maybe you want 'fullconn' instead ?")) + err_code |= ERR_WARN; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->maxconn = atol(args[1]); + if (alertif_too_many_args(1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[0], "backlog")) { /* backlog */ + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->backlog = atol(args[1]); + if (alertif_too_many_args(1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[0], "fullconn")) { /* fullconn */ + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], " Maybe you want 'maxconn' instead ?")) + err_code |= ERR_WARN; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->fullconn = atol(args[1]); + if (alertif_too_many_args(1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[0], "grace")) { /* grace time (ms) */ + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects a time in milliseconds.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + err = parse_time_err(args[1], &val, TIME_UNIT_MS); + if (err) { + ha_alert("parsing [%s:%d] : unexpected character '%c' in grace time.\n", + file, linenum, *err); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->grace = val; + if (alertif_too_many_args(1, file, linenum, args, &err_code)) + goto out; + } + else if (!strcmp(args[0], "dispatch")) { /* dispatch address */ + struct sockaddr_storage *sk; + int port1, port2; + struct protocol *proto; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + else if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1); + if (!sk) { + ha_alert("parsing [%s:%d] : '%s' : %s\n", file, linenum, args[0], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + proto = protocol_by_family(sk->ss_family); + if (!proto || !proto->connect) { + ha_alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (port1 != port2) { + ha_alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!port1) { + ha_alert("parsing [%s:%d] : '%s' : missing port number in '%s', expected.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (alertif_too_many_args(1, file, linenum, args, &err_code)) + goto out; + + curproxy->dispatch_addr = *sk; + curproxy->options |= PR_O_DISPATCH; + } + else if (!strcmp(args[0], "balance")) { /* set balancing with optional algorithm */ + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (backend_parse_balance((const char **)args + 1, &errmsg, curproxy) < 0) { + ha_alert("parsing [%s:%d] : %s %s\n", file, linenum, args[0], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "hash-type")) { /* set hashing method */ + /** + * The syntax for hash-type config element is + * hash-type {map-based|consistent} [[] avalanche] + * + * The default hash function is sdbm for map-based and sdbm+avalanche for consistent. + */ + curproxy->lbprm.algo &= ~(BE_LB_HASH_TYPE | BE_LB_HASH_FUNC | BE_LB_HASH_MOD); + + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (strcmp(args[1], "consistent") == 0) { /* use consistent hashing */ + curproxy->lbprm.algo |= BE_LB_HASH_CONS; + } + else if (strcmp(args[1], "map-based") == 0) { /* use map-based hashing */ + curproxy->lbprm.algo |= BE_LB_HASH_MAP; + } + else if (strcmp(args[1], "avalanche") == 0) { + ha_alert("parsing [%s:%d] : experimental feature '%s %s' is not supported anymore, please use '%s map-based sdbm avalanche' instead.\n", file, linenum, args[0], args[1], args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + else { + ha_alert("parsing [%s:%d] : '%s' only supports 'consistent' and 'map-based'.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + /* set the hash function to use */ + if (!*args[2]) { + /* the default algo is sdbm */ + curproxy->lbprm.algo |= BE_LB_HFCN_SDBM; + + /* if consistent with no argument, then avalanche modifier is also applied */ + if ((curproxy->lbprm.algo & BE_LB_HASH_TYPE) == BE_LB_HASH_CONS) + curproxy->lbprm.algo |= BE_LB_HMOD_AVAL; + } else { + /* set the hash function */ + if (!strcmp(args[2], "sdbm")) { + curproxy->lbprm.algo |= BE_LB_HFCN_SDBM; + } + else if (!strcmp(args[2], "djb2")) { + curproxy->lbprm.algo |= BE_LB_HFCN_DJB2; + } + else if (!strcmp(args[2], "wt6")) { + curproxy->lbprm.algo |= BE_LB_HFCN_WT6; + } + else if (!strcmp(args[2], "crc32")) { + curproxy->lbprm.algo |= BE_LB_HFCN_CRC32; + } + else { + ha_alert("parsing [%s:%d] : '%s' only supports 'sdbm', 'djb2', 'crc32', or 'wt6' hash functions.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + /* set the hash modifier */ + if (!strcmp(args[3], "avalanche")) { + curproxy->lbprm.algo |= BE_LB_HMOD_AVAL; + } + else if (*args[3]) { + ha_alert("parsing [%s:%d] : '%s' only supports 'avalanche' as a modifier for hash functions.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + } + else if (strcmp(args[0], "hash-balance-factor") == 0) { + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->lbprm.chash.balance_factor = atol(args[1]); + if (curproxy->lbprm.chash.balance_factor != 0 && curproxy->lbprm.chash.balance_factor <= 100) { + ha_alert("parsing [%s:%d] : '%s' must be 0 or greater than 100.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (strcmp(args[0], "unique-id-format") == 0) { + if (!*(args[1])) { + ha_alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (*(args[2])) { + ha_alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->conf.uniqueid_format_string); + curproxy->conf.uniqueid_format_string = strdup(args[1]); + + free(curproxy->conf.uif_file); + curproxy->conf.uif_file = strdup(curproxy->conf.args.file); + curproxy->conf.uif_line = curproxy->conf.args.line; + } + + else if (strcmp(args[0], "unique-id-header") == 0) { + if (!*(args[1])) { + ha_alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->header_unique_id); + curproxy->header_unique_id = strdup(args[1]); + } + + else if (strcmp(args[0], "log-format") == 0) { + if (!*(args[1])) { + ha_alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (*(args[2])) { + ha_alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (curproxy->conf.logformat_string && curproxy == &defproxy) { + char *oldlogformat = "log-format"; + + if (curproxy->conf.logformat_string == default_http_log_format) + oldlogformat = "option httplog"; + else if (curproxy->conf.logformat_string == default_tcp_log_format) + oldlogformat = "option tcplog"; + else if (curproxy->conf.logformat_string == clf_http_log_format) + oldlogformat = "option httplog clf"; + ha_warning("parsing [%s:%d]: 'log-format' overrides previous '%s' in 'defaults' section.\n", + file, linenum, oldlogformat); + } + if (curproxy->conf.logformat_string != default_http_log_format && + curproxy->conf.logformat_string != default_tcp_log_format && + curproxy->conf.logformat_string != clf_http_log_format) + free(curproxy->conf.logformat_string); + curproxy->conf.logformat_string = strdup(args[1]); + + free(curproxy->conf.lfs_file); + curproxy->conf.lfs_file = strdup(curproxy->conf.args.file); + curproxy->conf.lfs_line = curproxy->conf.args.line; + + /* get a chance to improve log-format error reporting by + * reporting the correct line-number when possible. + */ + if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) { + ha_warning("parsing [%s:%d] : backend '%s' : 'log-format' directive is ignored in backends.\n", + file, linenum, curproxy->id); + err_code |= ERR_WARN; + } + } + else if (!strcmp(args[0], "log-format-sd")) { + if (!*(args[1])) { + ha_alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + if (*(args[2])) { + ha_alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (curproxy->conf.logformat_sd_string != default_rfc5424_sd_log_format) + free(curproxy->conf.logformat_sd_string); + curproxy->conf.logformat_sd_string = strdup(args[1]); + + free(curproxy->conf.lfsd_file); + curproxy->conf.lfsd_file = strdup(curproxy->conf.args.file); + curproxy->conf.lfsd_line = curproxy->conf.args.line; + + /* get a chance to improve log-format-sd error reporting by + * reporting the correct line-number when possible. + */ + if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) { + ha_warning("parsing [%s:%d] : backend '%s' : 'log-format-sd' directive is ignored in backends.\n", + file, linenum, curproxy->id); + err_code |= ERR_WARN; + } + } + else if (!strcmp(args[0], "log-tag")) { /* tag to report to syslog */ + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects a tag for use in syslog.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + chunk_destroy(&curproxy->log_tag); + chunk_initstr(&curproxy->log_tag, strdup(args[1])); + } + else if (!strcmp(args[0], "log")) { /* "no log" or "log ..." */ + if (!parse_logsrv(args, &curproxy->logsrvs, (kwm == KWM_NO), &errmsg)) { + ha_alert("parsing [%s:%d] : %s : %s\n", file, linenum, args[0], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "source")) { /* address to which we bind when connecting */ + int cur_arg; + int port1, port2; + struct sockaddr_storage *sk; + struct protocol *proto; + + if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (!*args[1]) { + ha_alert("parsing [%s:%d] : '%s' expects [:], and optionally '%s' , and '%s' .\n", + file, linenum, "source", "usesrc", "interface"); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + /* we must first clear any optional default setting */ + curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK; + free(curproxy->conn_src.iface_name); + curproxy->conn_src.iface_name = NULL; + curproxy->conn_src.iface_len = 0; + + sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1); + if (!sk) { + ha_alert("parsing [%s:%d] : '%s %s' : %s\n", + file, linenum, args[0], args[1], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + proto = protocol_by_family(sk->ss_family); + if (!proto || !proto->connect) { + ha_alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (port1 != port2) { + ha_alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n", + file, linenum, args[0], args[1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + curproxy->conn_src.source_addr = *sk; + curproxy->conn_src.opts |= CO_SRC_BIND; + + cur_arg = 2; + while (*(args[cur_arg])) { + if (!strcmp(args[cur_arg], "usesrc")) { /* address to use outside */ +#if defined(CONFIG_HAP_TRANSPARENT) + if (!*args[cur_arg + 1]) { + ha_alert("parsing [%s:%d] : '%s' expects [:], 'client', or 'clientip' as argument.\n", + file, linenum, "usesrc"); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (!strcmp(args[cur_arg + 1], "client")) { + curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK; + curproxy->conn_src.opts |= CO_SRC_TPROXY_CLI; + } else if (!strcmp(args[cur_arg + 1], "clientip")) { + curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK; + curproxy->conn_src.opts |= CO_SRC_TPROXY_CIP; + } else if (!strncmp(args[cur_arg + 1], "hdr_ip(", 7)) { + char *name, *end; + + name = args[cur_arg+1] + 7; + while (isspace(*name)) + name++; + + end = name; + while (*end && !isspace(*end) && *end != ',' && *end != ')') + end++; + + curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK; + curproxy->conn_src.opts |= CO_SRC_TPROXY_DYN; + curproxy->conn_src.bind_hdr_name = calloc(1, end - name + 1); + curproxy->conn_src.bind_hdr_len = end - name; + memcpy(curproxy->conn_src.bind_hdr_name, name, end - name); + curproxy->conn_src.bind_hdr_name[end-name] = '\0'; + curproxy->conn_src.bind_hdr_occ = -1; + + /* now look for an occurrence number */ + while (isspace(*end)) + end++; + if (*end == ',') { + end++; + name = end; + if (*end == '-') + end++; + while (isdigit((int)*end)) + end++; + curproxy->conn_src.bind_hdr_occ = strl2ic(name, end-name); + } + + if (curproxy->conn_src.bind_hdr_occ < -MAX_HDR_HISTORY) { + ha_alert("parsing [%s:%d] : usesrc hdr_ip(name,num) does not support negative" + " occurrences values smaller than %d.\n", + file, linenum, MAX_HDR_HISTORY); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } else { + struct sockaddr_storage *sk; + + sk = str2sa_range(args[cur_arg + 1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1); + if (!sk) { + ha_alert("parsing [%s:%d] : '%s %s' : %s\n", + file, linenum, args[cur_arg], args[cur_arg+1], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + proto = protocol_by_family(sk->ss_family); + if (!proto || !proto->connect) { + ha_alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n", + file, linenum, args[cur_arg], args[cur_arg+1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (port1 != port2) { + ha_alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n", + file, linenum, args[cur_arg], args[cur_arg + 1]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + curproxy->conn_src.tproxy_addr = *sk; + curproxy->conn_src.opts |= CO_SRC_TPROXY_ADDR; + } + global.last_checks |= LSTCHK_NETADM; +#else /* no TPROXY support */ + ha_alert("parsing [%s:%d] : '%s' not allowed here because support for TPROXY was not compiled in.\n", + file, linenum, "usesrc"); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; +#endif + cur_arg += 2; + continue; + } + + if (!strcmp(args[cur_arg], "interface")) { /* specifically bind to this interface */ +#ifdef SO_BINDTODEVICE + if (!*args[cur_arg + 1]) { + ha_alert("parsing [%s:%d] : '%s' : missing interface name.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + free(curproxy->conn_src.iface_name); + curproxy->conn_src.iface_name = strdup(args[cur_arg + 1]); + curproxy->conn_src.iface_len = strlen(curproxy->conn_src.iface_name); + global.last_checks |= LSTCHK_NETADM; +#else + ha_alert("parsing [%s:%d] : '%s' : '%s' option not implemented.\n", + file, linenum, args[0], args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; +#endif + cur_arg += 2; + continue; + } + ha_alert("parsing [%s:%d] : '%s' only supports optional keywords '%s' and '%s'.\n", + file, linenum, args[0], "interface", "usesrc"); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + } + else if (!strcmp(args[0], "usesrc")) { /* address to use outside: needs "source" first */ + ha_alert("parsing [%s:%d] : '%s' only allowed after a '%s' statement.\n", + file, linenum, "usesrc", "source"); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + else if (!strcmp(args[0], "cliexp") || !strcmp(args[0], "reqrep")) { /* replace request header from a regex */ + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects and as arguments.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_REPLACE, 0, + args[0], args[1], args[2], (const char **)args+3); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqdel")) { /* delete request header from a regex */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_REMOVE, 0, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqdeny")) { /* deny a request if a header matches this regex */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_DENY, 0, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqpass")) { /* pass this header without allowing or denying the request */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_PASS, 0, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqallow")) { /* allow a request if a header matches this regex */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_ALLOW, 0, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqtarpit")) { /* tarpit a request if a header matches this regex */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_TARPIT, 0, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqirep")) { /* replace request header from a regex, ignoring case */ + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects and as arguments.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_REPLACE, REG_ICASE, + args[0], args[1], args[2], (const char **)args+3); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqidel")) { /* delete request header from a regex ignoring case */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_REMOVE, REG_ICASE, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqideny")) { /* deny a request if a header matches this regex ignoring case */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_DENY, REG_ICASE, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqipass")) { /* pass this header without allowing or denying the request */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_PASS, REG_ICASE, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqiallow")) { /* allow a request if a header matches this regex ignoring case */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_ALLOW, REG_ICASE, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqitarpit")) { /* tarpit a request if a header matches this regex ignoring case */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_REQ, ACT_TARPIT, REG_ICASE, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "reqadd")) { /* add request header */ + struct cond_wordlist *wl; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + else if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects
as an argument.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if ((strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0)) { + if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args+2, &errmsg)) == NULL) { + ha_alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n", + file, linenum, args[0], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + err_code |= warnif_cond_conflicts(cond, + (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, + file, linenum); + } + else if (*args[2]) { + ha_alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n", + file, linenum, args[0], args[2]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + wl = calloc(1, sizeof(*wl)); + wl->cond = cond; + wl->s = strdup(args[1]); + LIST_ADDQ(&curproxy->req_add, &wl->list); + warnif_misplaced_reqadd(curproxy, file, linenum, args[0]); + } + else if (!strcmp(args[0], "srvexp") || !strcmp(args[0], "rsprep")) { /* replace response header from a regex */ + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects and as arguments.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_RES, ACT_REPLACE, 0, + args[0], args[1], args[2], (const char **)args+3); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "rspdel")) { /* delete response header from a regex */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_RES, ACT_REMOVE, 0, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "rspdeny")) { /* block response header from a regex */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_RES, ACT_DENY, 0, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "rspirep")) { /* replace response header from a regex ignoring case */ + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects and as arguments.\n", + file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_RES, ACT_REPLACE, REG_ICASE, + args[0], args[1], args[2], (const char **)args+3); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "rspidel")) { /* delete response header from a regex ignoring case */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_RES, ACT_REMOVE, REG_ICASE, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "rspideny")) { /* block response header from a regex ignoring case */ + err_code |= create_cond_regex_rule(file, linenum, curproxy, + SMP_OPT_DIR_RES, ACT_DENY, REG_ICASE, + args[0], args[1], NULL, (const char **)args+2); + if (err_code & ERR_FATAL) + goto out; + } + else if (!strcmp(args[0], "rspadd")) { /* add response header */ + struct cond_wordlist *wl; + + if (curproxy == &defproxy) { + ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + else if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (*(args[1]) == 0) { + ha_alert("parsing [%s:%d] : '%s' expects
as an argument.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if ((strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0)) { + if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args+2, &errmsg)) == NULL) { + ha_alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n", + file, linenum, args[0], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + err_code |= warnif_cond_conflicts(cond, + (curproxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR, + file, linenum); + } + else if (*args[2]) { + ha_alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n", + file, linenum, args[0], args[2]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + wl = calloc(1, sizeof(*wl)); + wl->cond = cond; + wl->s = strdup(args[1]); + LIST_ADDQ(&curproxy->rsp_add, &wl->list); + } + else if (!strcmp(args[0], "errorloc") || + !strcmp(args[0], "errorloc302") || + !strcmp(args[0], "errorloc303")) { /* error location */ + int errnum, errlen; + char *err; + + if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : <%s> expects and as arguments.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + errnum = atol(args[1]); + if (!strcmp(args[0], "errorloc303")) { + errlen = strlen(HTTP_303) + strlen(args[2]) + 5; + err = malloc(errlen); + errlen = snprintf(err, errlen, "%s%s\r\n\r\n", HTTP_303, args[2]); + } else { + errlen = strlen(HTTP_302) + strlen(args[2]) + 5; + err = malloc(errlen); + errlen = snprintf(err, errlen, "%s%s\r\n\r\n", HTTP_302, args[2]); + } + + for (rc = 0; rc < HTTP_ERR_SIZE; rc++) { + if (http_err_codes[rc] == errnum) { + chunk_destroy(&curproxy->errmsg[rc]); + chunk_initlen(&curproxy->errmsg[rc], err, errlen, errlen); + break; + } + } + + if (rc >= HTTP_ERR_SIZE) { + ha_warning("parsing [%s:%d] : status code %d not handled by '%s', error relocation will be ignored.\n", + file, linenum, errnum, args[0]); + free(err); + } + } + else if (!strcmp(args[0], "errorfile")) { /* error message from a file */ + int errnum, errlen, fd; + char *err; + struct stat stat; + + if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL)) + err_code |= ERR_WARN; + + if (*(args[2]) == 0) { + ha_alert("parsing [%s:%d] : <%s> expects and as arguments.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + fd = open(args[2], O_RDONLY); + if ((fd < 0) || (fstat(fd, &stat) < 0)) { + ha_alert("parsing [%s:%d] : error opening file <%s> for custom error message <%s>.\n", + file, linenum, args[2], args[1]); + if (fd >= 0) + close(fd); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + if (stat.st_size <= global.tune.bufsize) { + errlen = stat.st_size; + } else { + ha_warning("parsing [%s:%d] : custom error message file <%s> larger than %d bytes. Truncating.\n", + file, linenum, args[2], global.tune.bufsize); + err_code |= ERR_WARN; + errlen = global.tune.bufsize; + } + + err = malloc(errlen); /* malloc() must succeed during parsing */ + errnum = read(fd, err, errlen); + if (errnum != errlen) { + ha_alert("parsing [%s:%d] : error reading file <%s> for custom error message <%s>.\n", + file, linenum, args[2], args[1]); + close(fd); + free(err); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + close(fd); + + errnum = atol(args[1]); + for (rc = 0; rc < HTTP_ERR_SIZE; rc++) { + if (http_err_codes[rc] == errnum) { + chunk_destroy(&curproxy->errmsg[rc]); + chunk_initlen(&curproxy->errmsg[rc], err, errlen, errlen); + break; + } + } + + if (rc >= HTTP_ERR_SIZE) { + ha_warning("parsing [%s:%d] : status code %d not handled by '%s', error customization will be ignored.\n", + file, linenum, errnum, args[0]); + err_code |= ERR_WARN; + free(err); + } + } + else { + struct cfg_kw_list *kwl; + int index; + + list_for_each_entry(kwl, &cfg_keywords.list, list) { + for (index = 0; kwl->kw[index].kw != NULL; index++) { + if (kwl->kw[index].section != CFG_LISTEN) + continue; + if (strcmp(kwl->kw[index].kw, args[0]) == 0) { + /* prepare error message just in case */ + rc = kwl->kw[index].parse(args, CFG_LISTEN, curproxy, &defproxy, file, linenum, &errmsg); + if (rc < 0) { + ha_alert("parsing [%s:%d] : %s\n", file, linenum, errmsg); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + else if (rc > 0) { + ha_warning("parsing [%s:%d] : %s\n", file, linenum, errmsg); + err_code |= ERR_WARN; + goto out; + } + goto out; + } + } + } + + ha_alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + out: + free(errmsg); + return err_code; +} diff --git a/src/cfgparse.c b/src/cfgparse.c index 05bd951a2..2eb966377 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -45,7 +45,6 @@ #include #include -#include #include #include #include @@ -124,63 +123,8 @@ struct list sections = LIST_HEAD_INIT(sections); struct list postparsers = LIST_HEAD_INIT(postparsers); -/* proxy->options */ -static const struct cfg_opt cfg_opts[] = -{ - { "abortonclose", PR_O_ABRT_CLOSE, PR_CAP_BE, 0, 0 }, - { "allbackups", PR_O_USE_ALL_BK, PR_CAP_BE, 0, 0 }, - { "checkcache", PR_O_CHK_CACHE, PR_CAP_BE, 0, PR_MODE_HTTP }, - { "clitcpka", PR_O_TCP_CLI_KA, PR_CAP_FE, 0, 0 }, - { "contstats", PR_O_CONTSTATS, PR_CAP_FE, 0, 0 }, - { "dontlognull", PR_O_NULLNOLOG, PR_CAP_FE, 0, 0 }, - { "http_proxy", PR_O_HTTP_PROXY, PR_CAP_FE | PR_CAP_BE, 0, PR_MODE_HTTP }, - { "http-buffer-request", PR_O_WREQ_BODY, PR_CAP_FE | PR_CAP_BE, 0, PR_MODE_HTTP }, - { "http-ignore-probes", PR_O_IGNORE_PRB, PR_CAP_FE, 0, PR_MODE_HTTP }, - { "prefer-last-server", PR_O_PREF_LAST, PR_CAP_BE, 0, PR_MODE_HTTP }, - { "logasap", PR_O_LOGASAP, PR_CAP_FE, 0, 0 }, - { "nolinger", PR_O_TCP_NOLING, PR_CAP_FE | PR_CAP_BE, 0, 0 }, - { "persist", PR_O_PERSIST, PR_CAP_BE, 0, 0 }, - { "srvtcpka", PR_O_TCP_SRV_KA, PR_CAP_BE, 0, 0 }, -#ifdef TPROXY - { "transparent", PR_O_TRANSP, PR_CAP_BE, 0, 0 }, -#else - { "transparent", 0, 0, 0, 0 }, -#endif - - { NULL, 0, 0, 0, 0 } -}; - -/* proxy->options2 */ -static const struct cfg_opt cfg_opts2[] = -{ -#ifdef CONFIG_HAP_LINUX_SPLICE - { "splice-request", PR_O2_SPLIC_REQ, PR_CAP_FE|PR_CAP_BE, 0, 0 }, - { "splice-response", PR_O2_SPLIC_RTR, PR_CAP_FE|PR_CAP_BE, 0, 0 }, - { "splice-auto", PR_O2_SPLIC_AUT, PR_CAP_FE|PR_CAP_BE, 0, 0 }, -#else - { "splice-request", 0, 0, 0, 0 }, - { "splice-response", 0, 0, 0, 0 }, - { "splice-auto", 0, 0, 0, 0 }, -#endif - { "accept-invalid-http-request", PR_O2_REQBUG_OK, PR_CAP_FE, 0, PR_MODE_HTTP }, - { "accept-invalid-http-response", PR_O2_RSPBUG_OK, PR_CAP_BE, 0, PR_MODE_HTTP }, - { "dontlog-normal", PR_O2_NOLOGNORM, PR_CAP_FE, 0, 0 }, - { "log-separate-errors", PR_O2_LOGERRORS, PR_CAP_FE, 0, 0 }, - { "log-health-checks", PR_O2_LOGHCHKS, PR_CAP_BE, 0, 0 }, - { "socket-stats", PR_O2_SOCKSTAT, PR_CAP_FE, 0, 0 }, - { "tcp-smart-accept", PR_O2_SMARTACC, PR_CAP_FE, 0, 0 }, - { "tcp-smart-connect", PR_O2_SMARTCON, PR_CAP_BE, 0, 0 }, - { "independant-streams", PR_O2_INDEPSTR, PR_CAP_FE|PR_CAP_BE, 0, 0 }, - { "independent-streams", PR_O2_INDEPSTR, PR_CAP_FE|PR_CAP_BE, 0, 0 }, - { "http-use-proxy-header", PR_O2_USE_PXHDR, PR_CAP_FE, 0, PR_MODE_HTTP }, - { "http-pretend-keepalive", PR_O2_FAKE_KA, PR_CAP_BE, 0, PR_MODE_HTTP }, - { "http-no-delay", PR_O2_NODELAY, PR_CAP_FE|PR_CAP_BE, 0, PR_MODE_HTTP }, - { "http-use-htx", PR_O2_USE_HTX, PR_CAP_FE|PR_CAP_BE, 0, PR_MODE_HTTP }, - { NULL, 0, 0, 0 } -}; - -static char *cursection = NULL; -static struct proxy defproxy; /* fake proxy used to assign default values on all instances */ +char *cursection = NULL; +struct proxy defproxy = { }; /* fake proxy used to assign default values on all instances */ int cfg_maxpconn = DEFAULT_MAXCONN; /* # of simultaneous connections per proxy (-N) */ int cfg_maxconn = 0; /* # of simultaneous connections, (-n) */ char *cfg_scope = NULL; /* the current scope during the configuration parsing */ @@ -364,205 +308,13 @@ int alertif_too_many_args(int maxarg, const char *file, int linenum, char **args return alertif_too_many_args_idx(maxarg, 0, file, linenum, args, err_code); } -/* Report a warning if a rule is placed after a 'tcp-request session' rule. - * Return 1 if the warning has been emitted, otherwise 0. - */ -int warnif_rule_after_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg) -{ - if (!LIST_ISEMPTY(&proxy->tcp_req.l5_rules)) { - ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request session' rule will still be processed before.\n", - file, line, arg); - return 1; - } - return 0; -} - -/* Report a warning if a rule is placed after a 'tcp-request content' rule. - * Return 1 if the warning has been emitted, otherwise 0. - */ -int warnif_rule_after_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg) -{ - if (!LIST_ISEMPTY(&proxy->tcp_req.inspect_rules)) { - ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request content' rule will still be processed before.\n", - file, line, arg); - return 1; - } - return 0; -} - -/* Report a warning if a rule is placed after a 'monitor fail' rule. - * Return 1 if the warning has been emitted, otherwise 0. - */ -int warnif_rule_after_monitor(struct proxy *proxy, const char *file, int line, const char *arg) -{ - if (!LIST_ISEMPTY(&proxy->mon_fail_cond)) { - ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'monitor fail' rule will still be processed before.\n", - file, line, arg); - return 1; - } - return 0; -} - -/* Report a warning if a rule is placed after a 'block' rule. - * Return 1 if the warning has been emitted, otherwise 0. - */ -int warnif_rule_after_block(struct proxy *proxy, const char *file, int line, const char *arg) -{ - if (!LIST_ISEMPTY(&proxy->block_rules)) { - ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'block' rule will still be processed before.\n", - file, line, arg); - return 1; - } - return 0; -} - -/* Report a warning if a rule is placed after an 'http_request' rule. - * Return 1 if the warning has been emitted, otherwise 0. - */ -int warnif_rule_after_http_req(struct proxy *proxy, const char *file, int line, const char *arg) -{ - if (!LIST_ISEMPTY(&proxy->http_req_rules)) { - ha_warning("parsing [%s:%d] : a '%s' rule placed after an 'http-request' rule will still be processed before.\n", - file, line, arg); - return 1; - } - return 0; -} - -/* Report a warning if a rule is placed after a reqrewrite rule. - * Return 1 if the warning has been emitted, otherwise 0. - */ -int warnif_rule_after_reqxxx(struct proxy *proxy, const char *file, int line, const char *arg) -{ - if (proxy->req_exp) { - ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'reqxxx' rule will still be processed before.\n", - file, line, arg); - return 1; - } - return 0; -} - -/* Report a warning if a rule is placed after a reqadd rule. - * Return 1 if the warning has been emitted, otherwise 0. - */ -int warnif_rule_after_reqadd(struct proxy *proxy, const char *file, int line, const char *arg) -{ - if (!LIST_ISEMPTY(&proxy->req_add)) { - ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'reqadd' rule will still be processed before.\n", - file, line, arg); - return 1; - } - return 0; -} - -/* Report a warning if a rule is placed after a redirect rule. - * Return 1 if the warning has been emitted, otherwise 0. - */ -int warnif_rule_after_redirect(struct proxy *proxy, const char *file, int line, const char *arg) -{ - if (!LIST_ISEMPTY(&proxy->redirect_rules)) { - ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'redirect' rule will still be processed before.\n", - file, line, arg); - return 1; - } - return 0; -} - -/* Report a warning if a rule is placed after a 'use_backend' rule. - * Return 1 if the warning has been emitted, otherwise 0. - */ -int warnif_rule_after_use_backend(struct proxy *proxy, const char *file, int line, const char *arg) -{ - if (!LIST_ISEMPTY(&proxy->switching_rules)) { - ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'use_backend' rule will still be processed before.\n", - file, line, arg); - return 1; - } - return 0; -} - -/* Report a warning if a rule is placed after a 'use-server' rule. - * Return 1 if the warning has been emitted, otherwise 0. - */ -int warnif_rule_after_use_server(struct proxy *proxy, const char *file, int line, const char *arg) -{ - if (!LIST_ISEMPTY(&proxy->server_rules)) { - ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'use-server' rule will still be processed before.\n", - file, line, arg); - return 1; - } - return 0; -} - -/* report a warning if a redirect rule is dangerously placed */ -int warnif_misplaced_redirect(struct proxy *proxy, const char *file, int line, const char *arg) -{ - return warnif_rule_after_use_backend(proxy, file, line, arg) || - warnif_rule_after_use_server(proxy, file, line, arg); -} - -/* report a warning if a reqadd rule is dangerously placed */ -int warnif_misplaced_reqadd(struct proxy *proxy, const char *file, int line, const char *arg) -{ - return warnif_rule_after_redirect(proxy, file, line, arg) || - warnif_misplaced_redirect(proxy, file, line, arg); -} - -/* report a warning if a reqxxx rule is dangerously placed */ -int warnif_misplaced_reqxxx(struct proxy *proxy, const char *file, int line, const char *arg) -{ - return warnif_rule_after_reqadd(proxy, file, line, arg) || - warnif_misplaced_reqadd(proxy, file, line, arg); -} - -/* report a warning if an http-request rule is dangerously placed */ -int warnif_misplaced_http_req(struct proxy *proxy, const char *file, int line, const char *arg) -{ - return warnif_rule_after_reqxxx(proxy, file, line, arg) || - warnif_misplaced_reqxxx(proxy, file, line, arg);; -} - -/* report a warning if a block rule is dangerously placed */ -int warnif_misplaced_block(struct proxy *proxy, const char *file, int line, const char *arg) -{ - return warnif_rule_after_http_req(proxy, file, line, arg) || - warnif_misplaced_http_req(proxy, file, line, arg); -} - -/* report a warning if a block rule is dangerously placed */ -int warnif_misplaced_monitor(struct proxy *proxy, const char *file, int line, const char *arg) -{ - return warnif_rule_after_block(proxy, file, line, arg) || - warnif_misplaced_block(proxy, file, line, arg); -} - -/* report a warning if a "tcp request content" rule is dangerously placed */ -int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg) -{ - return warnif_rule_after_monitor(proxy, file, line, arg) || - warnif_misplaced_monitor(proxy, file, line, arg); -} - -/* report a warning if a "tcp request session" rule is dangerously placed */ -int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg) -{ - return warnif_rule_after_tcp_cont(proxy, file, line, arg) || - warnif_misplaced_tcp_cont(proxy, file, line, arg); -} - -/* report a warning if a "tcp request connection" rule is dangerously placed */ -int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg) -{ - return warnif_rule_after_tcp_sess(proxy, file, line, arg) || - warnif_misplaced_tcp_sess(proxy, file, line, arg); -} /* Report it if a request ACL condition uses some keywords that are incompatible * with the place where the ACL is used. It returns either 0 or ERR_WARN so that * its result can be or'ed with err_code. Note that may be NULL and then * will be ignored. */ -static int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line) +int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line) { const struct acl *acl; const char *kw; @@ -728,100 +480,6 @@ void init_default_instance() } -/* This function createss a new req* or rsp* rule to the proxy. It compiles the - * regex and may return the ERR_WARN bit, and error bits such as ERR_ALERT and - * ERR_FATAL in case of error. - */ -static int create_cond_regex_rule(const char *file, int line, - struct proxy *px, int dir, int action, int flags, - const char *cmd, const char *reg, const char *repl, - const char **cond_start) -{ - struct my_regex *preg = NULL; - char *errmsg = NULL; - const char *err; - char *error; - int ret_code = 0; - struct acl_cond *cond = NULL; - int cs; - int cap; - - if (px == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, line, cmd); - ret_code |= ERR_ALERT | ERR_FATAL; - goto err; - } - - if (*reg == 0) { - ha_alert("parsing [%s:%d] : '%s' expects as an argument.\n", file, line, cmd); - ret_code |= ERR_ALERT | ERR_FATAL; - goto err; - } - - if (warnifnotcap(px, PR_CAP_FE | PR_CAP_BE, file, line, cmd, NULL)) - ret_code |= ERR_WARN; - - if (cond_start && - (strcmp(*cond_start, "if") == 0 || strcmp(*cond_start, "unless") == 0)) { - if ((cond = build_acl_cond(file, line, &px->acl, px, cond_start, &errmsg)) == NULL) { - ha_alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n", - file, line, cmd, errmsg); - ret_code |= ERR_ALERT | ERR_FATAL; - goto err; - } - } - else if (cond_start && **cond_start) { - ha_alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n", - file, line, cmd, *cond_start); - ret_code |= ERR_ALERT | ERR_FATAL; - goto err; - } - - ret_code |= warnif_cond_conflicts(cond, - (dir == SMP_OPT_DIR_REQ) ? - ((px->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR) : - ((px->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR), - file, line); - - preg = calloc(1, sizeof(*preg)); - if (!preg) { - ha_alert("parsing [%s:%d] : '%s' : not enough memory to build regex.\n", file, line, cmd); - ret_code = ERR_ALERT | ERR_FATAL; - goto err; - } - - cs = !(flags & REG_ICASE); - cap = !(flags & REG_NOSUB); - error = NULL; - if (!regex_comp(reg, preg, cs, cap, &error)) { - ha_alert("parsing [%s:%d] : '%s' : regular expression '%s' : %s\n", file, line, cmd, reg, error); - free(error); - ret_code = ERR_ALERT | ERR_FATAL; - goto err; - } - - err = chain_regex((dir == SMP_OPT_DIR_REQ) ? &px->req_exp : &px->rsp_exp, - preg, action, repl ? strdup(repl) : NULL, cond); - if (repl && err) { - ha_alert("parsing [%s:%d] : '%s' : invalid character or unterminated sequence in replacement string near '%c'.\n", - file, line, cmd, *err); - ret_code |= ERR_ALERT | ERR_FATAL; - goto err_free; - } - - if (dir == SMP_OPT_DIR_REQ && warnif_misplaced_reqxxx(px, file, line, cmd)) - ret_code |= ERR_WARN; - - return ret_code; - - err_free: - regex_free(preg); - err: - free(preg); - free(errmsg); - return ret_code; -} - /* * Parse a line in a , or section. * Returns the error code, 0 if OK, or any combination of : @@ -1584,7 +1242,7 @@ out: return err_code; } -static void free_email_alert(struct proxy *p) +void free_email_alert(struct proxy *p) { free(p->email_alert.mailers.name); p->email_alert.mailers.name = NULL; @@ -1596,4006 +1254,6 @@ static void free_email_alert(struct proxy *p) p->email_alert.myhostname = NULL; } -int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) -{ - static struct proxy *curproxy = NULL; - const char *err; - char *error; - int rc; - unsigned val; - int err_code = 0; - struct acl_cond *cond = NULL; - struct logsrv *tmplogsrv; - char *errmsg = NULL; - struct bind_conf *bind_conf; - - if (!strcmp(args[0], "listen")) - rc = PR_CAP_LISTEN; - else if (!strcmp(args[0], "frontend")) - rc = PR_CAP_FE; - else if (!strcmp(args[0], "backend")) - rc = PR_CAP_BE; - else - rc = PR_CAP_NONE; - - if (rc != PR_CAP_NONE) { /* new proxy */ - if (!*args[1]) { - ha_alert("parsing [%s:%d] : '%s' expects an argument and\n" - " optionally supports [addr1]:port1[-end1]{,[addr]:port[-end]}...\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - - err = invalid_char(args[1]); - if (err) { - ha_alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n", - file, linenum, *err, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - } - - curproxy = (rc & PR_CAP_FE) ? proxy_fe_by_name(args[1]) : proxy_be_by_name(args[1]); - if (curproxy) { - ha_alert("Parsing [%s:%d]: %s '%s' has the same name as %s '%s' declared at %s:%d.\n", - file, linenum, proxy_cap_str(rc), args[1], proxy_type_str(curproxy), - curproxy->id, curproxy->conf.file, curproxy->conf.line); - err_code |= ERR_ALERT | ERR_FATAL; - } - - if ((curproxy = calloc(1, sizeof(*curproxy))) == NULL) { - ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - - init_new_proxy(curproxy); - curproxy->next = proxies_list; - proxies_list = curproxy; - curproxy->conf.args.file = curproxy->conf.file = strdup(file); - curproxy->conf.args.line = curproxy->conf.line = linenum; - curproxy->last_change = now.tv_sec; - curproxy->id = strdup(args[1]); - curproxy->cap = rc; - proxy_store_name(curproxy); - - if (alertif_too_many_args(1, file, linenum, args, &err_code)) { - if (curproxy->cap & PR_CAP_FE) - ha_alert("parsing [%s:%d] : please use the 'bind' keyword for listening addresses.\n", file, linenum); - goto out; - } - - /* set default values */ - memcpy(&curproxy->defsrv, &defproxy.defsrv, sizeof(curproxy->defsrv)); - curproxy->defsrv.id = "default-server"; - - curproxy->state = defproxy.state; - curproxy->options = defproxy.options; - curproxy->options2 = defproxy.options2; - curproxy->no_options = defproxy.no_options; - curproxy->no_options2 = defproxy.no_options2; - curproxy->bind_proc = defproxy.bind_proc; - curproxy->except_net = defproxy.except_net; - curproxy->except_mask = defproxy.except_mask; - curproxy->except_to = defproxy.except_to; - curproxy->except_mask_to = defproxy.except_mask_to; - - if (defproxy.fwdfor_hdr_len) { - curproxy->fwdfor_hdr_len = defproxy.fwdfor_hdr_len; - curproxy->fwdfor_hdr_name = strdup(defproxy.fwdfor_hdr_name); - } - - if (defproxy.orgto_hdr_len) { - curproxy->orgto_hdr_len = defproxy.orgto_hdr_len; - curproxy->orgto_hdr_name = strdup(defproxy.orgto_hdr_name); - } - - if (defproxy.server_id_hdr_len) { - curproxy->server_id_hdr_len = defproxy.server_id_hdr_len; - curproxy->server_id_hdr_name = strdup(defproxy.server_id_hdr_name); - } - - /* initialize error relocations */ - for (rc = 0; rc < HTTP_ERR_SIZE; rc++) - chunk_dup(&curproxy->errmsg[rc], &defproxy.errmsg[rc]); - - if (curproxy->cap & PR_CAP_FE) { - curproxy->maxconn = defproxy.maxconn; - curproxy->backlog = defproxy.backlog; - curproxy->fe_sps_lim = defproxy.fe_sps_lim; - - curproxy->to_log = defproxy.to_log & ~LW_COOKIE & ~LW_REQHDR & ~ LW_RSPHDR; - } - - if (curproxy->cap & PR_CAP_BE) { - curproxy->lbprm.algo = defproxy.lbprm.algo; - curproxy->lbprm.chash.balance_factor = defproxy.lbprm.chash.balance_factor; - curproxy->fullconn = defproxy.fullconn; - curproxy->conn_retries = defproxy.conn_retries; - curproxy->redispatch_after = defproxy.redispatch_after; - curproxy->max_ka_queue = defproxy.max_ka_queue; - - if (defproxy.check_req) { - curproxy->check_req = calloc(1, defproxy.check_len); - memcpy(curproxy->check_req, defproxy.check_req, defproxy.check_len); - } - curproxy->check_len = defproxy.check_len; - - if (defproxy.expect_str) { - curproxy->expect_str = strdup(defproxy.expect_str); - if (defproxy.expect_regex) { - /* note: this regex is known to be valid */ - curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex)); - regex_comp(defproxy.expect_str, curproxy->expect_regex, 1, 1, NULL); - } - } - - curproxy->ck_opts = defproxy.ck_opts; - if (defproxy.cookie_name) - curproxy->cookie_name = strdup(defproxy.cookie_name); - curproxy->cookie_len = defproxy.cookie_len; - - if (defproxy.dyncookie_key) - curproxy->dyncookie_key = strdup(defproxy.dyncookie_key); - if (defproxy.cookie_domain) - curproxy->cookie_domain = strdup(defproxy.cookie_domain); - - if (defproxy.cookie_maxidle) - curproxy->cookie_maxidle = defproxy.cookie_maxidle; - - if (defproxy.cookie_maxlife) - curproxy->cookie_maxlife = defproxy.cookie_maxlife; - - if (defproxy.rdp_cookie_name) - curproxy->rdp_cookie_name = strdup(defproxy.rdp_cookie_name); - curproxy->rdp_cookie_len = defproxy.rdp_cookie_len; - - if (defproxy.url_param_name) - curproxy->url_param_name = strdup(defproxy.url_param_name); - curproxy->url_param_len = defproxy.url_param_len; - - if (defproxy.hh_name) - curproxy->hh_name = strdup(defproxy.hh_name); - curproxy->hh_len = defproxy.hh_len; - curproxy->hh_match_domain = defproxy.hh_match_domain; - - if (defproxy.conn_src.iface_name) - curproxy->conn_src.iface_name = strdup(defproxy.conn_src.iface_name); - curproxy->conn_src.iface_len = defproxy.conn_src.iface_len; - curproxy->conn_src.opts = defproxy.conn_src.opts; -#if defined(CONFIG_HAP_TRANSPARENT) - curproxy->conn_src.tproxy_addr = defproxy.conn_src.tproxy_addr; -#endif - curproxy->load_server_state_from_file = defproxy.load_server_state_from_file; - } - - if (curproxy->cap & PR_CAP_FE) { - if (defproxy.capture_name) - curproxy->capture_name = strdup(defproxy.capture_name); - curproxy->capture_namelen = defproxy.capture_namelen; - curproxy->capture_len = defproxy.capture_len; - } - - if (curproxy->cap & PR_CAP_FE) { - curproxy->timeout.client = defproxy.timeout.client; - curproxy->timeout.clientfin = defproxy.timeout.clientfin; - curproxy->timeout.tarpit = defproxy.timeout.tarpit; - curproxy->timeout.httpreq = defproxy.timeout.httpreq; - curproxy->timeout.httpka = defproxy.timeout.httpka; - curproxy->mon_net = defproxy.mon_net; - curproxy->mon_mask = defproxy.mon_mask; - if (defproxy.monitor_uri) - curproxy->monitor_uri = strdup(defproxy.monitor_uri); - curproxy->monitor_uri_len = defproxy.monitor_uri_len; - if (defproxy.defbe.name) - curproxy->defbe.name = strdup(defproxy.defbe.name); - - /* get either a pointer to the logformat string or a copy of it */ - curproxy->conf.logformat_string = defproxy.conf.logformat_string; - if (curproxy->conf.logformat_string && - curproxy->conf.logformat_string != default_http_log_format && - curproxy->conf.logformat_string != default_tcp_log_format && - curproxy->conf.logformat_string != clf_http_log_format) - curproxy->conf.logformat_string = strdup(curproxy->conf.logformat_string); - - if (defproxy.conf.lfs_file) { - curproxy->conf.lfs_file = strdup(defproxy.conf.lfs_file); - curproxy->conf.lfs_line = defproxy.conf.lfs_line; - } - - /* get either a pointer to the logformat string for RFC5424 structured-data or a copy of it */ - curproxy->conf.logformat_sd_string = defproxy.conf.logformat_sd_string; - if (curproxy->conf.logformat_sd_string && - curproxy->conf.logformat_sd_string != default_rfc5424_sd_log_format) - curproxy->conf.logformat_sd_string = strdup(curproxy->conf.logformat_sd_string); - - if (defproxy.conf.lfsd_file) { - curproxy->conf.lfsd_file = strdup(defproxy.conf.lfsd_file); - curproxy->conf.lfsd_line = defproxy.conf.lfsd_line; - } - } - - if (curproxy->cap & PR_CAP_BE) { - curproxy->timeout.connect = defproxy.timeout.connect; - curproxy->timeout.server = defproxy.timeout.server; - curproxy->timeout.serverfin = defproxy.timeout.serverfin; - curproxy->timeout.check = defproxy.timeout.check; - curproxy->timeout.queue = defproxy.timeout.queue; - curproxy->timeout.tarpit = defproxy.timeout.tarpit; - curproxy->timeout.httpreq = defproxy.timeout.httpreq; - curproxy->timeout.httpka = defproxy.timeout.httpka; - curproxy->timeout.tunnel = defproxy.timeout.tunnel; - curproxy->conn_src.source_addr = defproxy.conn_src.source_addr; - } - - curproxy->mode = defproxy.mode; - curproxy->uri_auth = defproxy.uri_auth; /* for stats */ - - /* copy default logsrvs to curproxy */ - list_for_each_entry(tmplogsrv, &defproxy.logsrvs, list) { - struct logsrv *node = malloc(sizeof(*node)); - memcpy(node, tmplogsrv, sizeof(struct logsrv)); - node->ref = tmplogsrv->ref; - LIST_INIT(&node->list); - LIST_ADDQ(&curproxy->logsrvs, &node->list); - } - - curproxy->conf.uniqueid_format_string = defproxy.conf.uniqueid_format_string; - if (curproxy->conf.uniqueid_format_string) - curproxy->conf.uniqueid_format_string = strdup(curproxy->conf.uniqueid_format_string); - - chunk_dup(&curproxy->log_tag, &defproxy.log_tag); - - if (defproxy.conf.uif_file) { - curproxy->conf.uif_file = strdup(defproxy.conf.uif_file); - curproxy->conf.uif_line = defproxy.conf.uif_line; - } - - /* copy default header unique id */ - if (defproxy.header_unique_id) - curproxy->header_unique_id = strdup(defproxy.header_unique_id); - - /* default compression options */ - if (defproxy.comp != NULL) { - curproxy->comp = calloc(1, sizeof(struct comp)); - curproxy->comp->algos = defproxy.comp->algos; - curproxy->comp->types = defproxy.comp->types; - } - - curproxy->grace = defproxy.grace; - curproxy->conf.used_listener_id = EB_ROOT; - curproxy->conf.used_server_id = EB_ROOT; - - if (defproxy.check_path) - curproxy->check_path = strdup(defproxy.check_path); - if (defproxy.check_command) - curproxy->check_command = strdup(defproxy.check_command); - - if (defproxy.email_alert.mailers.name) - curproxy->email_alert.mailers.name = strdup(defproxy.email_alert.mailers.name); - if (defproxy.email_alert.from) - curproxy->email_alert.from = strdup(defproxy.email_alert.from); - if (defproxy.email_alert.to) - curproxy->email_alert.to = strdup(defproxy.email_alert.to); - if (defproxy.email_alert.myhostname) - curproxy->email_alert.myhostname = strdup(defproxy.email_alert.myhostname); - curproxy->email_alert.level = defproxy.email_alert.level; - curproxy->email_alert.set = defproxy.email_alert.set; - - goto out; - } - else if (!strcmp(args[0], "defaults")) { /* use this one to assign default values */ - /* some variables may have already been initialized earlier */ - /* FIXME-20070101: we should do this too at the end of the - * config parsing to free all default values. - */ - if (alertif_too_many_args(1, file, linenum, args, &err_code)) { - err_code |= ERR_ABORT; - goto out; - } - - free(defproxy.check_req); - free(defproxy.check_command); - free(defproxy.check_path); - free(defproxy.cookie_name); - free(defproxy.rdp_cookie_name); - free(defproxy.dyncookie_key); - free(defproxy.cookie_domain); - free(defproxy.url_param_name); - free(defproxy.hh_name); - free(defproxy.capture_name); - free(defproxy.monitor_uri); - free(defproxy.defbe.name); - free(defproxy.conn_src.iface_name); - free(defproxy.fwdfor_hdr_name); - defproxy.fwdfor_hdr_len = 0; - free(defproxy.orgto_hdr_name); - defproxy.orgto_hdr_len = 0; - free(defproxy.server_id_hdr_name); - defproxy.server_id_hdr_len = 0; - free(defproxy.expect_str); - if (defproxy.expect_regex) { - regex_free(defproxy.expect_regex); - free(defproxy.expect_regex); - defproxy.expect_regex = NULL; - } - - if (defproxy.conf.logformat_string != default_http_log_format && - defproxy.conf.logformat_string != default_tcp_log_format && - defproxy.conf.logformat_string != clf_http_log_format) - free(defproxy.conf.logformat_string); - - free(defproxy.conf.uniqueid_format_string); - free(defproxy.conf.lfs_file); - free(defproxy.conf.uif_file); - chunk_destroy(&defproxy.log_tag); - free_email_alert(&defproxy); - - if (defproxy.conf.logformat_sd_string != default_rfc5424_sd_log_format) - free(defproxy.conf.logformat_sd_string); - free(defproxy.conf.lfsd_file); - - for (rc = 0; rc < HTTP_ERR_SIZE; rc++) - chunk_destroy(&defproxy.errmsg[rc]); - - /* we cannot free uri_auth because it might already be used */ - init_default_instance(); - curproxy = &defproxy; - curproxy->conf.args.file = curproxy->conf.file = strdup(file); - curproxy->conf.args.line = curproxy->conf.line = linenum; - defproxy.cap = PR_CAP_LISTEN; /* all caps for now */ - goto out; - } - else if (curproxy == NULL) { - ha_alert("parsing [%s:%d] : 'listen' or 'defaults' expected.\n", file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - /* update the current file and line being parsed */ - curproxy->conf.args.file = curproxy->conf.file; - curproxy->conf.args.line = linenum; - - /* Now let's parse the proxy-specific keywords */ - if (!strcmp(args[0], "server") || - !strcmp(args[0], "default-server") || - !strcmp(args[0], "server-template")) { - err_code |= parse_server(file, linenum, args, curproxy, &defproxy); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "bind")) { /* new listen addresses */ - struct listener *l; - int cur_arg; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (!*(args[1])) { - ha_alert("parsing [%s:%d] : '%s' expects {|[addr1]:port1[-end1]}{,[addr]:port[-end]}... as arguments.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - bind_conf = bind_conf_alloc(curproxy, file, linenum, args[1], xprt_get(XPRT_RAW)); - - /* use default settings for unix sockets */ - bind_conf->ux.uid = global.unix_bind.ux.uid; - bind_conf->ux.gid = global.unix_bind.ux.gid; - bind_conf->ux.mode = global.unix_bind.ux.mode; - - /* NOTE: the following line might create several listeners if there - * are comma-separated IPs or port ranges. So all further processing - * will have to be applied to all listeners created after last_listen. - */ - if (!str2listener(args[1], curproxy, bind_conf, file, linenum, &errmsg)) { - if (errmsg && *errmsg) { - indent_msg(&errmsg, 2); - ha_alert("parsing [%s:%d] : '%s' : %s\n", file, linenum, args[0], errmsg); - } - else - ha_alert("parsing [%s:%d] : '%s' : error encountered while parsing listening address '%s'.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - list_for_each_entry(l, &bind_conf->listeners, by_bind) { - /* Set default global rights and owner for unix bind */ - global.maxsock++; - } - - cur_arg = 2; - while (*(args[cur_arg])) { - static int bind_dumped; - struct bind_kw *kw; - char *err; - - kw = bind_find_kw(args[cur_arg]); - if (kw) { - char *err = NULL; - int code; - - if (!kw->parse) { - ha_alert("parsing [%s:%d] : '%s %s' : '%s' option is not implemented in this version (check build options).\n", - file, linenum, args[0], args[1], args[cur_arg]); - cur_arg += 1 + kw->skip ; - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - code = kw->parse(args, cur_arg, curproxy, bind_conf, &err); - err_code |= code; - - if (code) { - if (err && *err) { - indent_msg(&err, 2); - ha_alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], err); - } - else - ha_alert("parsing [%s:%d] : '%s %s' : error encountered while processing '%s'.\n", - file, linenum, args[0], args[1], args[cur_arg]); - if (code & ERR_FATAL) { - free(err); - cur_arg += 1 + kw->skip; - goto out; - } - } - free(err); - cur_arg += 1 + kw->skip; - continue; - } - - err = NULL; - if (!bind_dumped) { - bind_dump_kws(&err); - indent_msg(&err, 4); - bind_dumped = 1; - } - - ha_alert("parsing [%s:%d] : '%s %s' unknown keyword '%s'.%s%s\n", - file, linenum, args[0], args[1], args[cur_arg], - err ? " Registered keywords :" : "", err ? err : ""); - free(err); - - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - goto out; - } - else if (!strcmp(args[0], "monitor-net")) { /* set the range of IPs to ignore */ - if (!*args[1] || !str2net(args[1], 1, &curproxy->mon_net, &curproxy->mon_mask)) { - ha_alert("parsing [%s:%d] : '%s' expects address[/mask].\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - /* flush useless bits */ - curproxy->mon_net.s_addr &= curproxy->mon_mask.s_addr; - goto out; - } - else if (!strcmp(args[0], "monitor-uri")) { /* set the URI to intercept */ - if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (alertif_too_many_args(1, file, linenum, args, &err_code)) - goto out; - - if (!*args[1]) { - ha_alert("parsing [%s:%d] : '%s' expects an URI.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - free(curproxy->monitor_uri); - curproxy->monitor_uri_len = strlen(args[1]); - curproxy->monitor_uri = calloc(1, curproxy->monitor_uri_len + 1); - memcpy(curproxy->monitor_uri, args[1], curproxy->monitor_uri_len); - curproxy->monitor_uri[curproxy->monitor_uri_len] = '\0'; - - goto out; - } - else if (!strcmp(args[0], "mode")) { /* sets the proxy mode */ - if (alertif_too_many_args(1, file, linenum, args, &err_code)) - goto out; - - if (!strcmp(args[1], "http")) curproxy->mode = PR_MODE_HTTP; - else if (!strcmp(args[1], "tcp")) curproxy->mode = PR_MODE_TCP; - else if (!strcmp(args[1], "health")) curproxy->mode = PR_MODE_HEALTH; - else { - ha_alert("parsing [%s:%d] : unknown proxy mode '%s'.\n", file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "id")) { - struct eb32_node *node; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (alertif_too_many_args(1, file, linenum, args, &err_code)) - goto out; - - if (!*args[1]) { - ha_alert("parsing [%s:%d]: '%s' expects an integer argument.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - curproxy->uuid = atol(args[1]); - curproxy->conf.id.key = curproxy->uuid; - curproxy->options |= PR_O_FORCED_ID; - - if (curproxy->uuid <= 0) { - ha_alert("parsing [%s:%d]: custom id has to be > 0.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - node = eb32_lookup(&used_proxy_id, curproxy->uuid); - if (node) { - struct proxy *target = container_of(node, struct proxy, conf.id); - ha_alert("parsing [%s:%d]: %s %s reuses same custom id as %s %s (declared at %s:%d).\n", - file, linenum, proxy_type_str(curproxy), curproxy->id, - proxy_type_str(target), target->id, target->conf.file, target->conf.line); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - eb32_insert(&used_proxy_id, &curproxy->conf.id); - } - else if (!strcmp(args[0], "description")) { - int i, len=0; - char *d; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!*args[1]) { - ha_alert("parsing [%s:%d]: '%s' expects a string argument.\n", - file, linenum, args[0]); - return -1; - } - - for (i = 1; *args[i]; i++) - len += strlen(args[i]) + 1; - - d = calloc(1, len); - curproxy->desc = d; - - d += snprintf(d, curproxy->desc + len - d, "%s", args[1]); - for (i = 2; *args[i]; i++) - d += snprintf(d, curproxy->desc + len - d, " %s", args[i]); - - } - else if (!strcmp(args[0], "disabled")) { /* disables this proxy */ - if (alertif_too_many_args(0, file, linenum, args, &err_code)) - goto out; - curproxy->state = PR_STSTOPPED; - } - else if (!strcmp(args[0], "enabled")) { /* enables this proxy (used to revert a disabled default) */ - if (alertif_too_many_args(0, file, linenum, args, &err_code)) - goto out; - curproxy->state = PR_STNEW; - } - else if (!strcmp(args[0], "bind-process")) { /* enable this proxy only on some processes */ - int cur_arg = 1; - unsigned long set = 0; - - while (*args[cur_arg]) { - if (strcmp(args[cur_arg], "all") == 0) { - set = 0; - break; - } - if (parse_process_number(args[cur_arg], &set, NULL, &errmsg)) { - ha_alert("parsing [%s:%d] : %s : %s\n", file, linenum, args[0], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - cur_arg++; - } - curproxy->bind_proc = set; - } - else if (!strcmp(args[0], "acl")) { /* add an ACL */ - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - err = invalid_char(args[1]); - if (err) { - ha_alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n", - file, linenum, *err, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (parse_acl((const char **)args + 1, &curproxy->acl, &errmsg, &curproxy->conf.args, file, linenum) == NULL) { - ha_alert("parsing [%s:%d] : error detected while parsing ACL '%s' : %s.\n", - file, linenum, args[1], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "dynamic-cookie-key")) { /* Dynamic cookies secret key */ - - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects as argument.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->dyncookie_key); - curproxy->dyncookie_key = strdup(args[1]); - } - else if (!strcmp(args[0], "cookie")) { /* cookie name */ - int cur_arg; - - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects as argument.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - curproxy->ck_opts = 0; - curproxy->cookie_maxidle = curproxy->cookie_maxlife = 0; - free(curproxy->cookie_domain); curproxy->cookie_domain = NULL; - free(curproxy->cookie_name); - curproxy->cookie_name = strdup(args[1]); - curproxy->cookie_len = strlen(curproxy->cookie_name); - - cur_arg = 2; - while (*(args[cur_arg])) { - if (!strcmp(args[cur_arg], "rewrite")) { - curproxy->ck_opts |= PR_CK_RW; - } - else if (!strcmp(args[cur_arg], "indirect")) { - curproxy->ck_opts |= PR_CK_IND; - } - else if (!strcmp(args[cur_arg], "insert")) { - curproxy->ck_opts |= PR_CK_INS; - } - else if (!strcmp(args[cur_arg], "nocache")) { - curproxy->ck_opts |= PR_CK_NOC; - } - else if (!strcmp(args[cur_arg], "postonly")) { - curproxy->ck_opts |= PR_CK_POST; - } - else if (!strcmp(args[cur_arg], "preserve")) { - curproxy->ck_opts |= PR_CK_PSV; - } - else if (!strcmp(args[cur_arg], "prefix")) { - curproxy->ck_opts |= PR_CK_PFX; - } - else if (!strcmp(args[cur_arg], "httponly")) { - curproxy->ck_opts |= PR_CK_HTTPONLY; - } - else if (!strcmp(args[cur_arg], "secure")) { - curproxy->ck_opts |= PR_CK_SECURE; - } - else if (!strcmp(args[cur_arg], "domain")) { - if (!*args[cur_arg + 1]) { - ha_alert("parsing [%s:%d]: '%s' expects as argument.\n", - file, linenum, args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (*args[cur_arg + 1] != '.' || !strchr(args[cur_arg + 1] + 1, '.')) { - /* rfc2109, 4.3.2 Rejecting Cookies */ - ha_warning("parsing [%s:%d]: domain '%s' contains no embedded" - " dots nor does not start with a dot." - " RFC forbids it, this configuration may not work properly.\n", - file, linenum, args[cur_arg + 1]); - err_code |= ERR_WARN; - } - - err = invalid_domainchar(args[cur_arg + 1]); - if (err) { - ha_alert("parsing [%s:%d]: character '%c' is not permitted in domain name '%s'.\n", - file, linenum, *err, args[cur_arg + 1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!curproxy->cookie_domain) { - curproxy->cookie_domain = strdup(args[cur_arg + 1]); - } else { - /* one domain was already specified, add another one by - * building the string which will be returned along with - * the cookie. - */ - char *new_ptr; - int new_len = strlen(curproxy->cookie_domain) + - strlen("; domain=") + strlen(args[cur_arg + 1]) + 1; - new_ptr = malloc(new_len); - snprintf(new_ptr, new_len, "%s; domain=%s", curproxy->cookie_domain, args[cur_arg+1]); - free(curproxy->cookie_domain); - curproxy->cookie_domain = new_ptr; - } - cur_arg++; - } - else if (!strcmp(args[cur_arg], "maxidle")) { - unsigned int maxidle; - const char *res; - - if (!*args[cur_arg + 1]) { - ha_alert("parsing [%s:%d]: '%s' expects in seconds as argument.\n", - file, linenum, args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - res = parse_time_err(args[cur_arg + 1], &maxidle, TIME_UNIT_S); - if (res) { - ha_alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n", - file, linenum, *res, args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->cookie_maxidle = maxidle; - cur_arg++; - } - else if (!strcmp(args[cur_arg], "maxlife")) { - unsigned int maxlife; - const char *res; - - if (!*args[cur_arg + 1]) { - ha_alert("parsing [%s:%d]: '%s' expects in seconds as argument.\n", - file, linenum, args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - res = parse_time_err(args[cur_arg + 1], &maxlife, TIME_UNIT_S); - if (res) { - ha_alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n", - file, linenum, *res, args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->cookie_maxlife = maxlife; - cur_arg++; - } - else if (!strcmp(args[cur_arg], "dynamic")) { /* Dynamic persistent cookies secret key */ - - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[cur_arg], NULL)) - err_code |= ERR_WARN; - curproxy->ck_opts |= PR_CK_DYNAMIC; - } - - else { - ha_alert("parsing [%s:%d] : '%s' supports 'rewrite', 'insert', 'prefix', 'indirect', 'nocache', 'postonly', 'domain', 'maxidle', 'dynamic' and 'maxlife' options.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - cur_arg++; - } - if (!POWEROF2(curproxy->ck_opts & (PR_CK_RW|PR_CK_IND))) { - ha_alert("parsing [%s:%d] : cookie 'rewrite' and 'indirect' modes are incompatible.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - } - - if (!POWEROF2(curproxy->ck_opts & (PR_CK_RW|PR_CK_INS|PR_CK_PFX))) { - ha_alert("parsing [%s:%d] : cookie 'rewrite', 'insert' and 'prefix' modes are incompatible.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - } - - if ((curproxy->ck_opts & (PR_CK_PSV | PR_CK_INS | PR_CK_IND)) == PR_CK_PSV) { - ha_alert("parsing [%s:%d] : cookie 'preserve' requires at least 'insert' or 'indirect'.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - } - }/* end else if (!strcmp(args[0], "cookie")) */ - else if (!strcmp(args[0], "email-alert")) { - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!strcmp(args[1], "from")) { - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", - file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->email_alert.from); - curproxy->email_alert.from = strdup(args[2]); - } - else if (!strcmp(args[1], "mailers")) { - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", - file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->email_alert.mailers.name); - curproxy->email_alert.mailers.name = strdup(args[2]); - } - else if (!strcmp(args[1], "myhostname")) { - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", - file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->email_alert.myhostname); - curproxy->email_alert.myhostname = strdup(args[2]); - } - else if (!strcmp(args[1], "level")) { - curproxy->email_alert.level = get_log_level(args[2]); - if (curproxy->email_alert.level < 0) { - ha_alert("parsing [%s:%d] : unknown log level '%s' after '%s'\n", - file, linenum, args[1], args[2]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[1], "to")) { - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", - file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->email_alert.to); - curproxy->email_alert.to = strdup(args[2]); - } - else { - ha_alert("parsing [%s:%d] : email-alert: unknown argument '%s'.\n", - file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - /* Indicate that the email_alert is at least partially configured */ - curproxy->email_alert.set = 1; - }/* end else if (!strcmp(args[0], "email-alert")) */ - else if (!strcmp(args[0], "external-check")) { - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!strcmp(args[1], "command")) { - if (alertif_too_many_args(2, file, linenum, args, &err_code)) - goto out; - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", - file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->check_command); - curproxy->check_command = strdup(args[2]); - } - else if (!strcmp(args[1], "path")) { - if (alertif_too_many_args(2, file, linenum, args, &err_code)) - goto out; - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : missing argument after '%s'.\n", - file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->check_path); - curproxy->check_path = strdup(args[2]); - } - else { - ha_alert("parsing [%s:%d] : external-check: unknown argument '%s'.\n", - file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - }/* end else if (!strcmp(args[0], "external-check")) */ - else if (!strcmp(args[0], "persist")) { /* persist */ - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : missing persist method.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!strncmp(args[1], "rdp-cookie", 10)) { - curproxy->options2 |= PR_O2_RDPC_PRST; - - if (*(args[1] + 10) == '(') { /* cookie name */ - const char *beg, *end; - - beg = args[1] + 11; - end = strchr(beg, ')'); - - if (alertif_too_many_args(1, file, linenum, args, &err_code)) - goto out; - - if (!end || end == beg) { - ha_alert("parsing [%s:%d] : persist rdp-cookie(name)' requires an rdp cookie name.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - free(curproxy->rdp_cookie_name); - curproxy->rdp_cookie_name = my_strndup(beg, end - beg); - curproxy->rdp_cookie_len = end-beg; - } - else if (*(args[1] + 10) == '\0') { /* default cookie name 'msts' */ - free(curproxy->rdp_cookie_name); - curproxy->rdp_cookie_name = strdup("msts"); - curproxy->rdp_cookie_len = strlen(curproxy->rdp_cookie_name); - } - else { /* syntax */ - ha_alert("parsing [%s:%d] : persist rdp-cookie(name)' requires an rdp cookie name.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else { - ha_alert("parsing [%s:%d] : unknown persist method.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "appsession")) { /* cookie name */ - ha_alert("parsing [%s:%d] : '%s' is not supported anymore, please check the documentation.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - else if (!strcmp(args[0], "load-server-state-from-file")) { - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - if (!strcmp(args[1], "global")) { /* use the file pointed to by global server-state-file directive */ - curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_GLOBAL; - } - else if (!strcmp(args[1], "local")) { /* use the server-state-file-name variable to locate the server-state file */ - curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_LOCAL; - } - else if (!strcmp(args[1], "none")) { /* don't use server-state-file directive for this backend */ - curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_NONE; - } - else { - ha_alert("parsing [%s:%d] : '%s' expects 'global', 'local' or 'none'. Got '%s'\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "server-state-file-name")) { - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects 'use-backend-name' or a string. Got no argument\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - else if (!strcmp(args[1], "use-backend-name")) - curproxy->server_state_file_name = strdup(curproxy->id); - else - curproxy->server_state_file_name = strdup(args[1]); - } - else if (!strcmp(args[0], "capture")) { - if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (!strcmp(args[1], "cookie")) { /* name of a cookie to capture */ - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code)) - goto out; - - if (*(args[4]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects 'cookie' 'len' .\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->capture_name); - curproxy->capture_name = strdup(args[2]); - curproxy->capture_namelen = strlen(curproxy->capture_name); - curproxy->capture_len = atol(args[4]); - curproxy->to_log |= LW_COOKIE; - } - else if (!strcmp(args[1], "request") && !strcmp(args[2], "header")) { - struct cap_hdr *hdr; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code)) - goto out; - - if (*(args[3]) == 0 || strcmp(args[4], "len") != 0 || *(args[5]) == 0) { - ha_alert("parsing [%s:%d] : '%s %s' expects 'header' 'len' .\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - hdr = calloc(1, sizeof(*hdr)); - hdr->next = curproxy->req_cap; - hdr->name = strdup(args[3]); - hdr->namelen = strlen(args[3]); - hdr->len = atol(args[5]); - hdr->pool = create_pool("caphdr", hdr->len + 1, MEM_F_SHARED); - hdr->index = curproxy->nb_req_cap++; - curproxy->req_cap = hdr; - curproxy->to_log |= LW_REQHDR; - } - else if (!strcmp(args[1], "response") && !strcmp(args[2], "header")) { - struct cap_hdr *hdr; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code)) - goto out; - - if (*(args[3]) == 0 || strcmp(args[4], "len") != 0 || *(args[5]) == 0) { - ha_alert("parsing [%s:%d] : '%s %s' expects 'header' 'len' .\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - hdr = calloc(1, sizeof(*hdr)); - hdr->next = curproxy->rsp_cap; - hdr->name = strdup(args[3]); - hdr->namelen = strlen(args[3]); - hdr->len = atol(args[5]); - hdr->pool = create_pool("caphdr", hdr->len + 1, MEM_F_SHARED); - hdr->index = curproxy->nb_rsp_cap++; - curproxy->rsp_cap = hdr; - curproxy->to_log |= LW_RSPHDR; - } - else { - ha_alert("parsing [%s:%d] : '%s' expects 'cookie' or 'request header' or 'response header'.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "retries")) { /* connection retries */ - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (alertif_too_many_args(1, file, linenum, args, &err_code)) - goto out; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects an integer argument (dispatch counts for one).\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->conn_retries = atol(args[1]); - } - else if (!strcmp(args[0], "http-request")) { /* request access control: allow/deny/auth */ - struct act_rule *rule; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!LIST_ISEMPTY(&curproxy->http_req_rules) && - !LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->cond && - (LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_ACTION_ALLOW || - LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_ACTION_DENY || - LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_HTTP_REDIR || - LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_HTTP_REQ_AUTH)) { - ha_warning("parsing [%s:%d]: previous '%s' action is final and has no condition attached, further entries are NOOP.\n", - file, linenum, args[0]); - err_code |= ERR_WARN; - } - - rule = parse_http_req_cond((const char **)args + 1, file, linenum, curproxy); - - if (!rule) { - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - - err_code |= warnif_misplaced_http_req(curproxy, file, linenum, args[0]); - err_code |= warnif_cond_conflicts(rule->cond, - (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, - file, linenum); - - LIST_ADDQ(&curproxy->http_req_rules, &rule->list); - } - else if (!strcmp(args[0], "http-response")) { /* response access control */ - struct act_rule *rule; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!LIST_ISEMPTY(&curproxy->http_res_rules) && - !LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->cond && - (LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->action == ACT_ACTION_ALLOW || - LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->action == ACT_ACTION_DENY)) { - ha_warning("parsing [%s:%d]: previous '%s' action is final and has no condition attached, further entries are NOOP.\n", - file, linenum, args[0]); - err_code |= ERR_WARN; - } - - rule = parse_http_res_cond((const char **)args + 1, file, linenum, curproxy); - - if (!rule) { - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - - err_code |= warnif_cond_conflicts(rule->cond, - (curproxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR, - file, linenum); - - LIST_ADDQ(&curproxy->http_res_rules, &rule->list); - } - else if (!strcmp(args[0], "http-send-name-header")) { /* send server name in request header */ - /* set the header name and length into the proxy structure */ - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (!*args[1]) { - ha_alert("parsing [%s:%d] : '%s' requires a header string.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - /* set the desired header name */ - free(curproxy->server_id_hdr_name); - curproxy->server_id_hdr_name = strdup(args[1]); - curproxy->server_id_hdr_len = strlen(curproxy->server_id_hdr_name); - } - else if (!strcmp(args[0], "block")) { /* early blocking based on ACLs */ - struct act_rule *rule; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - /* emulate "block" using "http-request block". Since these rules are supposed to - * be processed before all http-request rules, we put them into their own list - * and will insert them at the end. - */ - rule = parse_http_req_cond((const char **)args, file, linenum, curproxy); - if (!rule) { - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - err_code |= warnif_misplaced_block(curproxy, file, linenum, args[0]); - err_code |= warnif_cond_conflicts(rule->cond, - (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, - file, linenum); - LIST_ADDQ(&curproxy->block_rules, &rule->list); - - if (!already_warned(WARN_BLOCK_DEPRECATED)) - ha_warning("parsing [%s:%d] : The '%s' directive is now deprecated in favor of 'http-request deny' which uses the exact same syntax. The rules are translated but support might disappear in a future version.\n", file, linenum, args[0]); - - } - else if (!strcmp(args[0], "redirect")) { - struct redirect_rule *rule; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if ((rule = http_parse_redirect_rule(file, linenum, curproxy, (const char **)args + 1, &errmsg, 0, 0)) == NULL) { - ha_alert("parsing [%s:%d] : error detected in %s '%s' while parsing redirect rule : %s.\n", - file, linenum, proxy_type_str(curproxy), curproxy->id, errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - LIST_ADDQ(&curproxy->redirect_rules, &rule->list); - err_code |= warnif_misplaced_redirect(curproxy, file, linenum, args[0]); - err_code |= warnif_cond_conflicts(rule->cond, - (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, - file, linenum); - } - else if (!strcmp(args[0], "use_backend")) { - struct switching_rule *rule; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects a backend name.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0) { - if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 2, &errmsg)) == NULL) { - ha_alert("parsing [%s:%d] : error detected while parsing switching rule : %s.\n", - file, linenum, errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - err_code |= warnif_cond_conflicts(cond, SMP_VAL_FE_SET_BCK, file, linenum); - } - else if (*args[2]) { - ha_alert("parsing [%s:%d] : unexpected keyword '%s' after switching rule, only 'if' and 'unless' are allowed.\n", - file, linenum, args[2]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - rule = calloc(1, sizeof(*rule)); - if (!rule) { - ha_alert("Out of memory error.\n"); - goto out; - } - rule->cond = cond; - rule->be.name = strdup(args[1]); - rule->line = linenum; - rule->file = strdup(file); - if (!rule->file) { - ha_alert("Out of memory error.\n"); - goto out; - } - LIST_INIT(&rule->list); - LIST_ADDQ(&curproxy->switching_rules, &rule->list); - } - else if (strcmp(args[0], "use-server") == 0) { - struct server_rule *rule; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects a server name.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) { - ha_alert("parsing [%s:%d] : '%s' requires either 'if' or 'unless' followed by a condition.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 2, &errmsg)) == NULL) { - ha_alert("parsing [%s:%d] : error detected while parsing switching rule : %s.\n", - file, linenum, errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_SET_SRV, file, linenum); - - rule = calloc(1, sizeof(*rule)); - rule->cond = cond; - rule->srv.name = strdup(args[1]); - LIST_INIT(&rule->list); - LIST_ADDQ(&curproxy->server_rules, &rule->list); - curproxy->be_req_ana |= AN_REQ_SRV_RULES; - } - else if ((!strcmp(args[0], "force-persist")) || - (!strcmp(args[0], "ignore-persist"))) { - struct persist_rule *rule; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (strcmp(args[1], "if") != 0 && strcmp(args[1], "unless") != 0) { - ha_alert("parsing [%s:%d] : '%s' requires either 'if' or 'unless' followed by a condition.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 1, &errmsg)) == NULL) { - ha_alert("parsing [%s:%d] : error detected while parsing a '%s' rule : %s.\n", - file, linenum, args[0], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - /* note: BE_REQ_CNT is the first one after FE_SET_BCK, which is - * where force-persist is applied. - */ - err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_REQ_CNT, file, linenum); - - rule = calloc(1, sizeof(*rule)); - rule->cond = cond; - if (!strcmp(args[0], "force-persist")) { - rule->type = PERSIST_TYPE_FORCE; - } else { - rule->type = PERSIST_TYPE_IGNORE; - } - LIST_INIT(&rule->list); - LIST_ADDQ(&curproxy->persist_rules, &rule->list); - } - else if (!strcmp(args[0], "stick-table")) { - int myidx = 1; - struct proxy *other; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : 'stick-table' is not supported in 'defaults' section.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - other = proxy_tbl_by_name(curproxy->id); - if (other) { - ha_alert("parsing [%s:%d] : stick-table name '%s' conflicts with table declared in %s '%s' at %s:%d.\n", - file, linenum, curproxy->id, proxy_type_str(other), other->id, other->conf.file, other->conf.line); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - curproxy->table.id = curproxy->id; - curproxy->table.type = (unsigned int)-1; - while (*args[myidx]) { - const char *err; - - if (strcmp(args[myidx], "size") == 0) { - myidx++; - if (!*(args[myidx])) { - ha_alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n", - file, linenum, args[myidx-1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if ((err = parse_size_err(args[myidx], &curproxy->table.size))) { - ha_alert("parsing [%s:%d] : stick-table: unexpected character '%c' in argument of '%s'.\n", - file, linenum, *err, args[myidx-1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - myidx++; - } - else if (strcmp(args[myidx], "peers") == 0) { - myidx++; - if (!*(args[myidx])) { - ha_alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n", - file, linenum, args[myidx-1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->table.peers.name = strdup(args[myidx++]); - } - else if (strcmp(args[myidx], "expire") == 0) { - myidx++; - if (!*(args[myidx])) { - ha_alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n", - file, linenum, args[myidx-1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - err = parse_time_err(args[myidx], &val, TIME_UNIT_MS); - if (err) { - ha_alert("parsing [%s:%d] : stick-table: unexpected character '%c' in argument of '%s'.\n", - file, linenum, *err, args[myidx-1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (val > INT_MAX) { - ha_alert("parsing [%s:%d] : Expire value [%u]ms exceeds maxmimum value of 24.85 days.\n", - file, linenum, val); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->table.expire = val; - myidx++; - } - else if (strcmp(args[myidx], "nopurge") == 0) { - curproxy->table.nopurge = 1; - myidx++; - } - else if (strcmp(args[myidx], "type") == 0) { - myidx++; - if (stktable_parse_type(args, &myidx, &curproxy->table.type, &curproxy->table.key_size) != 0) { - ha_alert("parsing [%s:%d] : stick-table: unknown type '%s'.\n", - file, linenum, args[myidx]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - /* myidx already points to next arg */ - } - else if (strcmp(args[myidx], "store") == 0) { - int type, err; - char *cw, *nw, *sa; - - myidx++; - nw = args[myidx]; - while (*nw) { - /* the "store" keyword supports a comma-separated list */ - cw = nw; - sa = NULL; /* store arg */ - while (*nw && *nw != ',') { - if (*nw == '(') { - *nw = 0; - sa = ++nw; - while (*nw != ')') { - if (!*nw) { - ha_alert("parsing [%s:%d] : %s: missing closing parenthesis after store option '%s'.\n", - file, linenum, args[0], cw); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - nw++; - } - *nw = '\0'; - } - nw++; - } - if (*nw) - *nw++ = '\0'; - type = stktable_get_data_type(cw); - if (type < 0) { - ha_alert("parsing [%s:%d] : %s: unknown store option '%s'.\n", - file, linenum, args[0], cw); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - err = stktable_alloc_data_type(&curproxy->table, type, sa); - switch (err) { - case PE_NONE: break; - case PE_EXIST: - ha_warning("parsing [%s:%d]: %s: store option '%s' already enabled, ignored.\n", - file, linenum, args[0], cw); - err_code |= ERR_WARN; - break; - - case PE_ARG_MISSING: - ha_alert("parsing [%s:%d] : %s: missing argument to store option '%s'.\n", - file, linenum, args[0], cw); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - - case PE_ARG_NOT_USED: - ha_alert("parsing [%s:%d] : %s: unexpected argument to store option '%s'.\n", - file, linenum, args[0], cw); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - - default: - ha_alert("parsing [%s:%d] : %s: error when processing store option '%s'.\n", - file, linenum, args[0], cw); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - myidx++; - } - else { - ha_alert("parsing [%s:%d] : stick-table: unknown argument '%s'.\n", - file, linenum, args[myidx]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - - if (!curproxy->table.size) { - ha_alert("parsing [%s:%d] : stick-table: missing size.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (curproxy->table.type == (unsigned int)-1) { - ha_alert("parsing [%s:%d] : stick-table: missing type.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "stick")) { - struct sticking_rule *rule; - struct sample_expr *expr; - int myidx = 0; - const char *name = NULL; - int flags; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) { - err_code |= ERR_WARN; - goto out; - } - - myidx++; - if ((strcmp(args[myidx], "store") == 0) || - (strcmp(args[myidx], "store-request") == 0)) { - myidx++; - flags = STK_IS_STORE; - } - else if (strcmp(args[myidx], "store-response") == 0) { - myidx++; - flags = STK_IS_STORE | STK_ON_RSP; - } - else if (strcmp(args[myidx], "match") == 0) { - myidx++; - flags = STK_IS_MATCH; - } - else if (strcmp(args[myidx], "on") == 0) { - myidx++; - flags = STK_IS_MATCH | STK_IS_STORE; - } - else { - ha_alert("parsing [%s:%d] : '%s' expects 'on', 'match', or 'store'.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (*(args[myidx]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects a fetch method.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - curproxy->conf.args.ctx = ARGC_STK; - expr = sample_parse_expr(args, &myidx, file, linenum, &errmsg, &curproxy->conf.args); - if (!expr) { - ha_alert("parsing [%s:%d] : '%s': %s\n", file, linenum, args[0], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (flags & STK_ON_RSP) { - if (!(expr->fetch->val & SMP_VAL_BE_STO_RUL)) { - ha_alert("parsing [%s:%d] : '%s': fetch method '%s' extracts information from '%s', none of which is available for 'store-response'.\n", - file, linenum, args[0], expr->fetch->kw, sample_src_names(expr->fetch->use)); - err_code |= ERR_ALERT | ERR_FATAL; - free(expr); - goto out; - } - } else { - if (!(expr->fetch->val & SMP_VAL_BE_SET_SRV)) { - ha_alert("parsing [%s:%d] : '%s': fetch method '%s' extracts information from '%s', none of which is available during request.\n", - file, linenum, args[0], expr->fetch->kw, sample_src_names(expr->fetch->use)); - err_code |= ERR_ALERT | ERR_FATAL; - free(expr); - goto out; - } - } - - /* check if we need to allocate an hdr_idx struct for HTTP parsing */ - curproxy->http_needed |= !!(expr->fetch->use & SMP_USE_HTTP_ANY); - - if (strcmp(args[myidx], "table") == 0) { - myidx++; - name = args[myidx++]; - } - - if (strcmp(args[myidx], "if") == 0 || strcmp(args[myidx], "unless") == 0) { - if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + myidx, &errmsg)) == NULL) { - ha_alert("parsing [%s:%d] : '%s': error detected while parsing sticking condition : %s.\n", - file, linenum, args[0], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - free(expr); - goto out; - } - } - else if (*(args[myidx])) { - ha_alert("parsing [%s:%d] : '%s': unknown keyword '%s'.\n", - file, linenum, args[0], args[myidx]); - err_code |= ERR_ALERT | ERR_FATAL; - free(expr); - goto out; - } - if (flags & STK_ON_RSP) - err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_STO_RUL, file, linenum); - else - err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_SET_SRV, file, linenum); - - rule = calloc(1, sizeof(*rule)); - rule->cond = cond; - rule->expr = expr; - rule->flags = flags; - rule->table.name = name ? strdup(name) : NULL; - LIST_INIT(&rule->list); - if (flags & STK_ON_RSP) - LIST_ADDQ(&curproxy->storersp_rules, &rule->list); - else - LIST_ADDQ(&curproxy->sticking_rules, &rule->list); - } - else if (!strcmp(args[0], "stats")) { - if (curproxy != &defproxy && curproxy->uri_auth == defproxy.uri_auth) - curproxy->uri_auth = NULL; /* we must detach from the default config */ - - if (!*args[1]) { - goto stats_error_parsing; - } else if (!strcmp(args[1], "admin")) { - struct stats_admin_rule *rule; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d]: '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!stats_check_init_uri_auth(&curproxy->uri_auth)) { - ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - - if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) { - ha_alert("parsing [%s:%d] : '%s %s' requires either 'if' or 'unless' followed by a condition.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 2, &errmsg)) == NULL) { - ha_alert("parsing [%s:%d] : error detected while parsing a '%s %s' rule : %s.\n", - file, linenum, args[0], args[1], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - err_code |= warnif_cond_conflicts(cond, - (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, - file, linenum); - - rule = calloc(1, sizeof(*rule)); - rule->cond = cond; - LIST_INIT(&rule->list); - LIST_ADDQ(&curproxy->uri_auth->admin_rules, &rule->list); - } else if (!strcmp(args[1], "uri")) { - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : 'uri' needs an URI prefix.\n", file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } else if (!stats_set_uri(&curproxy->uri_auth, args[2])) { - ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - } else if (!strcmp(args[1], "realm")) { - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : 'realm' needs an realm name.\n", file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } else if (!stats_set_realm(&curproxy->uri_auth, args[2])) { - ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - } else if (!strcmp(args[1], "refresh")) { - unsigned interval; - - err = parse_time_err(args[2], &interval, TIME_UNIT_S); - if (err) { - ha_alert("parsing [%s:%d] : unexpected character '%c' in stats refresh interval.\n", - file, linenum, *err); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } else if (!stats_set_refresh(&curproxy->uri_auth, interval)) { - ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - } else if (!strcmp(args[1], "http-request")) { /* request access control: allow/deny/auth */ - struct act_rule *rule; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!stats_check_init_uri_auth(&curproxy->uri_auth)) { - ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - - if (!LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules) && - !LIST_PREV(&curproxy->uri_auth->http_req_rules, struct act_rule *, list)->cond) { - ha_warning("parsing [%s:%d]: previous '%s' action has no condition attached, further entries are NOOP.\n", - file, linenum, args[0]); - err_code |= ERR_WARN; - } - - rule = parse_http_req_cond((const char **)args + 2, file, linenum, curproxy); - - if (!rule) { - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - - err_code |= warnif_cond_conflicts(rule->cond, - (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, - file, linenum); - LIST_ADDQ(&curproxy->uri_auth->http_req_rules, &rule->list); - - } else if (!strcmp(args[1], "auth")) { - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : 'auth' needs a user:password account.\n", file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } else if (!stats_add_auth(&curproxy->uri_auth, args[2])) { - ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - } else if (!strcmp(args[1], "scope")) { - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : 'scope' needs a proxy name.\n", file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } else if (!stats_add_scope(&curproxy->uri_auth, args[2])) { - ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - } else if (!strcmp(args[1], "enable")) { - if (!stats_check_init_uri_auth(&curproxy->uri_auth)) { - ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - } else if (!strcmp(args[1], "hide-version")) { - if (!stats_set_flag(&curproxy->uri_auth, ST_HIDEVER)) { - ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - } else if (!strcmp(args[1], "show-legends")) { - if (!stats_set_flag(&curproxy->uri_auth, ST_SHLGNDS)) { - ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - } else if (!strcmp(args[1], "show-node")) { - - if (*args[2]) { - int i; - char c; - - for (i=0; args[2][i]; i++) { - c = args[2][i]; - if (!isupper((unsigned char)c) && !islower((unsigned char)c) && - !isdigit((unsigned char)c) && c != '_' && c != '-' && c != '.') - break; - } - - if (!i || args[2][i]) { - ha_alert("parsing [%s:%d]: '%s %s' invalid node name - should be a string" - "with digits(0-9), letters(A-Z, a-z), hyphen(-) or underscode(_).\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - - if (!stats_set_node(&curproxy->uri_auth, args[2])) { - ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - } else if (!strcmp(args[1], "show-desc")) { - char *desc = NULL; - - if (*args[2]) { - int i, len=0; - char *d; - - for (i = 2; *args[i]; i++) - len += strlen(args[i]) + 1; - - desc = d = calloc(1, len); - - d += snprintf(d, desc + len - d, "%s", args[2]); - for (i = 3; *args[i]; i++) - d += snprintf(d, desc + len - d, " %s", args[i]); - } - - if (!*args[2] && !global.desc) - ha_warning("parsing [%s:%d]: '%s' requires a parameter or 'desc' to be set in the global section.\n", - file, linenum, args[1]); - else { - if (!stats_set_desc(&curproxy->uri_auth, desc)) { - free(desc); - ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum); - err_code |= ERR_ALERT | ERR_ABORT; - goto out; - } - free(desc); - } - } else { -stats_error_parsing: - ha_alert("parsing [%s:%d]: %s '%s', expects 'admin', 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'.\n", - file, linenum, *args[1]?"unknown stats parameter":"missing keyword in", args[*args[1]?1:0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "option")) { - int optnum; - - if (*(args[1]) == '\0') { - ha_alert("parsing [%s:%d]: '%s' expects an option name.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - for (optnum = 0; cfg_opts[optnum].name; optnum++) { - if (!strcmp(args[1], cfg_opts[optnum].name)) { - if (cfg_opts[optnum].cap == PR_CAP_NONE) { - ha_alert("parsing [%s:%d]: option '%s' is not supported due to build options.\n", - file, linenum, cfg_opts[optnum].name); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - - if (warnifnotcap(curproxy, cfg_opts[optnum].cap, file, linenum, args[1], NULL)) { - err_code |= ERR_WARN; - goto out; - } - - curproxy->no_options &= ~cfg_opts[optnum].val; - curproxy->options &= ~cfg_opts[optnum].val; - - switch (kwm) { - case KWM_STD: - curproxy->options |= cfg_opts[optnum].val; - break; - case KWM_NO: - curproxy->no_options |= cfg_opts[optnum].val; - break; - case KWM_DEF: /* already cleared */ - break; - } - - goto out; - } - } - - for (optnum = 0; cfg_opts2[optnum].name; optnum++) { - if (!strcmp(args[1], cfg_opts2[optnum].name)) { - if (cfg_opts2[optnum].cap == PR_CAP_NONE) { - ha_alert("parsing [%s:%d]: option '%s' is not supported due to build options.\n", - file, linenum, cfg_opts2[optnum].name); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - if (warnifnotcap(curproxy, cfg_opts2[optnum].cap, file, linenum, args[1], NULL)) { - err_code |= ERR_WARN; - goto out; - } - - curproxy->no_options2 &= ~cfg_opts2[optnum].val; - curproxy->options2 &= ~cfg_opts2[optnum].val; - - switch (kwm) { - case KWM_STD: - curproxy->options2 |= cfg_opts2[optnum].val; - break; - case KWM_NO: - curproxy->no_options2 |= cfg_opts2[optnum].val; - break; - case KWM_DEF: /* already cleared */ - break; - } - goto out; - } - } - - /* HTTP options override each other. They can be cancelled using - * "no option xxx" which only switches to default mode if the mode - * was this one (useful for cancelling options set in defaults - * sections). - */ - if (strcmp(args[1], "httpclose") == 0 || strcmp(args[1], "forceclose") == 0) { - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - if (kwm == KWM_STD) { - curproxy->options &= ~PR_O_HTTP_MODE; - curproxy->options |= PR_O_HTTP_CLO; - goto out; - } - else if (kwm == KWM_NO) { - if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_CLO) - curproxy->options &= ~PR_O_HTTP_MODE; - goto out; - } - } - else if (strcmp(args[1], "http-server-close") == 0) { - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - if (kwm == KWM_STD) { - curproxy->options &= ~PR_O_HTTP_MODE; - curproxy->options |= PR_O_HTTP_SCL; - goto out; - } - else if (kwm == KWM_NO) { - if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_SCL) - curproxy->options &= ~PR_O_HTTP_MODE; - goto out; - } - } - else if (strcmp(args[1], "http-keep-alive") == 0) { - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - if (kwm == KWM_STD) { - curproxy->options &= ~PR_O_HTTP_MODE; - curproxy->options |= PR_O_HTTP_KAL; - goto out; - } - else if (kwm == KWM_NO) { - if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_KAL) - curproxy->options &= ~PR_O_HTTP_MODE; - goto out; - } - } - else if (strcmp(args[1], "http-tunnel") == 0) { - if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[1], NULL)) { - err_code |= ERR_WARN; - goto out; - } - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - if (kwm == KWM_STD) { - curproxy->options &= ~PR_O_HTTP_MODE; - curproxy->options |= PR_O_HTTP_TUN; - goto out; - } - else if (kwm == KWM_NO) { - if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN) - curproxy->options &= ~PR_O_HTTP_MODE; - goto out; - } - } - - /* Redispatch can take an integer argument that control when the - * resispatch occurs. All values are relative to the retries option. - * This can be cancelled using "no option xxx". - */ - if (strcmp(args[1], "redispatch") == 0) { - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) { - err_code |= ERR_WARN; - goto out; - } - - curproxy->no_options &= ~PR_O_REDISP; - curproxy->options &= ~PR_O_REDISP; - - switch (kwm) { - case KWM_STD: - curproxy->options |= PR_O_REDISP; - curproxy->redispatch_after = -1; - if(*args[2]) { - curproxy->redispatch_after = atol(args[2]); - } - break; - case KWM_NO: - curproxy->no_options |= PR_O_REDISP; - curproxy->redispatch_after = 0; - break; - case KWM_DEF: /* already cleared */ - break; - } - goto out; - } - - if (kwm != KWM_STD) { - ha_alert("parsing [%s:%d]: negation/default is not supported for option '%s'.\n", - file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!strcmp(args[1], "httplog")) { - char *logformat; - /* generate a complete HTTP log */ - logformat = default_http_log_format; - if (*(args[2]) != '\0') { - if (!strcmp(args[2], "clf")) { - curproxy->options2 |= PR_O2_CLFLOG; - logformat = clf_http_log_format; - } else { - ha_alert("parsing [%s:%d] : keyword '%s' only supports option 'clf'.\n", file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (alertif_too_many_args_idx(1, 1, file, linenum, args, &err_code)) - goto out; - } - if (curproxy->conf.logformat_string && curproxy == &defproxy) { - char *oldlogformat = "log-format"; - char *clflogformat = ""; - - if (curproxy->conf.logformat_string == default_http_log_format) - oldlogformat = "option httplog"; - else if (curproxy->conf.logformat_string == default_tcp_log_format) - oldlogformat = "option tcplog"; - else if (curproxy->conf.logformat_string == clf_http_log_format) - oldlogformat = "option httplog clf"; - if (logformat == clf_http_log_format) - clflogformat = " clf"; - ha_warning("parsing [%s:%d]: 'option httplog%s' overrides previous '%s' in 'defaults' section.\n", - file, linenum, clflogformat, oldlogformat); - } - if (curproxy->conf.logformat_string != default_http_log_format && - curproxy->conf.logformat_string != default_tcp_log_format && - curproxy->conf.logformat_string != clf_http_log_format) - free(curproxy->conf.logformat_string); - curproxy->conf.logformat_string = logformat; - - free(curproxy->conf.lfs_file); - curproxy->conf.lfs_file = strdup(curproxy->conf.args.file); - curproxy->conf.lfs_line = curproxy->conf.args.line; - - if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) { - ha_warning("parsing [%s:%d] : backend '%s' : 'option httplog' directive is ignored in backends.\n", - file, linenum, curproxy->id); - err_code |= ERR_WARN; - } - } - else if (!strcmp(args[1], "tcplog")) { - if (curproxy->conf.logformat_string && curproxy == &defproxy) { - char *oldlogformat = "log-format"; - - if (curproxy->conf.logformat_string == default_http_log_format) - oldlogformat = "option httplog"; - else if (curproxy->conf.logformat_string == default_tcp_log_format) - oldlogformat = "option tcplog"; - else if (curproxy->conf.logformat_string == clf_http_log_format) - oldlogformat = "option httplog clf"; - ha_warning("parsing [%s:%d]: 'option tcplog' overrides previous '%s' in 'defaults' section.\n", - file, linenum, oldlogformat); - } - /* generate a detailed TCP log */ - if (curproxy->conf.logformat_string != default_http_log_format && - curproxy->conf.logformat_string != default_tcp_log_format && - curproxy->conf.logformat_string != clf_http_log_format) - free(curproxy->conf.logformat_string); - curproxy->conf.logformat_string = default_tcp_log_format; - - free(curproxy->conf.lfs_file); - curproxy->conf.lfs_file = strdup(curproxy->conf.args.file); - curproxy->conf.lfs_line = curproxy->conf.args.line; - - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - - if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) { - ha_warning("parsing [%s:%d] : backend '%s' : 'option tcplog' directive is ignored in backends.\n", - file, linenum, curproxy->id); - err_code |= ERR_WARN; - } - } - else if (!strcmp(args[1], "tcpka")) { - /* enable TCP keep-alives on client and server streams */ - if (warnifnotcap(curproxy, PR_CAP_BE | PR_CAP_FE, file, linenum, args[1], NULL)) - err_code |= ERR_WARN; - - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - - if (curproxy->cap & PR_CAP_FE) - curproxy->options |= PR_O_TCP_CLI_KA; - if (curproxy->cap & PR_CAP_BE) - curproxy->options |= PR_O_TCP_SRV_KA; - } - else if (!strcmp(args[1], "httpchk")) { - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) - err_code |= ERR_WARN; - - /* use HTTP request to check servers' health */ - free(curproxy->check_req); - curproxy->check_req = NULL; - curproxy->options2 &= ~PR_O2_CHK_ANY; - curproxy->options2 |= PR_O2_HTTP_CHK; - if (!*args[2]) { /* no argument */ - curproxy->check_req = strdup(DEF_CHECK_REQ); /* default request */ - curproxy->check_len = strlen(DEF_CHECK_REQ); - } else if (!*args[3]) { /* one argument : URI */ - int reqlen = strlen(args[2]) + strlen("OPTIONS HTTP/1.0\r\n") + 1; - curproxy->check_req = malloc(reqlen); - curproxy->check_len = snprintf(curproxy->check_req, reqlen, - "OPTIONS %s HTTP/1.0\r\n", args[2]); /* URI to use */ - } else { /* more arguments : METHOD URI [HTTP_VER] */ - int reqlen = strlen(args[2]) + strlen(args[3]) + 3 + strlen("\r\n"); - if (*args[4]) - reqlen += strlen(args[4]); - else - reqlen += strlen("HTTP/1.0"); - - curproxy->check_req = malloc(reqlen); - curproxy->check_len = snprintf(curproxy->check_req, reqlen, - "%s %s %s\r\n", args[2], args[3], *args[4]?args[4]:"HTTP/1.0"); - } - if (alertif_too_many_args_idx(3, 1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[1], "ssl-hello-chk")) { - /* use SSLv3 CLIENT HELLO to check servers' health */ - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) - err_code |= ERR_WARN; - - free(curproxy->check_req); - curproxy->check_req = NULL; - curproxy->options2 &= ~PR_O2_CHK_ANY; - curproxy->options2 |= PR_O2_SSL3_CHK; - - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[1], "smtpchk")) { - /* use SMTP request to check servers' health */ - free(curproxy->check_req); - curproxy->check_req = NULL; - curproxy->options2 &= ~PR_O2_CHK_ANY; - curproxy->options2 |= PR_O2_SMTP_CHK; - - if (!*args[2] || !*args[3]) { /* no argument or incomplete EHLO host */ - curproxy->check_req = strdup(DEF_SMTP_CHECK_REQ); /* default request */ - curproxy->check_len = strlen(DEF_SMTP_CHECK_REQ); - } else { /* ESMTP EHLO, or SMTP HELO, and a hostname */ - if (!strcmp(args[2], "EHLO") || !strcmp(args[2], "HELO")) { - int reqlen = strlen(args[2]) + strlen(args[3]) + strlen(" \r\n") + 1; - curproxy->check_req = malloc(reqlen); - curproxy->check_len = snprintf(curproxy->check_req, reqlen, - "%s %s\r\n", args[2], args[3]); /* HELO hostname */ - } else { - /* this just hits the default for now, but you could potentially expand it to allow for other stuff - though, it's unlikely you'd want to send anything other than an EHLO or HELO */ - curproxy->check_req = strdup(DEF_SMTP_CHECK_REQ); /* default request */ - curproxy->check_len = strlen(DEF_SMTP_CHECK_REQ); - } - } - if (alertif_too_many_args_idx(2, 1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[1], "pgsql-check")) { - /* use PostgreSQL request to check servers' health */ - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) - err_code |= ERR_WARN; - - free(curproxy->check_req); - curproxy->check_req = NULL; - curproxy->options2 &= ~PR_O2_CHK_ANY; - curproxy->options2 |= PR_O2_PGSQL_CHK; - - if (*(args[2])) { - int cur_arg = 2; - - while (*(args[cur_arg])) { - if (strcmp(args[cur_arg], "user") == 0) { - char * packet; - uint32_t packet_len; - uint32_t pv; - - /* suboption header - needs additional argument for it */ - if (*(args[cur_arg+1]) == 0) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", - file, linenum, args[0], args[1], args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - /* uint32_t + uint32_t + strlen("user")+1 + strlen(username)+1 + 1 */ - packet_len = 4 + 4 + 5 + strlen(args[cur_arg + 1])+1 +1; - pv = htonl(0x30000); /* protocol version 3.0 */ - - packet = calloc(1, packet_len); - - memcpy(packet + 4, &pv, 4); - - /* copy "user" */ - memcpy(packet + 8, "user", 4); - - /* copy username */ - memcpy(packet + 13, args[cur_arg+1], strlen(args[cur_arg+1])); - - free(curproxy->check_req); - curproxy->check_req = packet; - curproxy->check_len = packet_len; - - packet_len = htonl(packet_len); - memcpy(packet, &packet_len, 4); - cur_arg += 2; - } else { - /* unknown suboption - catchall */ - ha_alert("parsing [%s:%d] : '%s %s' only supports optional values: 'user'.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } /* end while loop */ - } - if (alertif_too_many_args_idx(2, 1, file, linenum, args, &err_code)) - goto out; - } - - else if (!strcmp(args[1], "redis-check")) { - /* use REDIS PING request to check servers' health */ - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) - err_code |= ERR_WARN; - - free(curproxy->check_req); - curproxy->check_req = NULL; - curproxy->options2 &= ~PR_O2_CHK_ANY; - curproxy->options2 |= PR_O2_REDIS_CHK; - - curproxy->check_req = malloc(sizeof(DEF_REDIS_CHECK_REQ) - 1); - memcpy(curproxy->check_req, DEF_REDIS_CHECK_REQ, sizeof(DEF_REDIS_CHECK_REQ) - 1); - curproxy->check_len = sizeof(DEF_REDIS_CHECK_REQ) - 1; - - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - - else if (!strcmp(args[1], "mysql-check")) { - /* use MYSQL request to check servers' health */ - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) - err_code |= ERR_WARN; - - free(curproxy->check_req); - curproxy->check_req = NULL; - curproxy->options2 &= ~PR_O2_CHK_ANY; - curproxy->options2 |= PR_O2_MYSQL_CHK; - - /* This is an example of a MySQL >=4.0 client Authentication packet kindly provided by Cyril Bonte. - * const char mysql40_client_auth_pkt[] = { - * "\x0e\x00\x00" // packet length - * "\x01" // packet number - * "\x00\x00" // client capabilities - * "\x00\x00\x01" // max packet - * "haproxy\x00" // username (null terminated string) - * "\x00" // filler (always 0x00) - * "\x01\x00\x00" // packet length - * "\x00" // packet number - * "\x01" // COM_QUIT command - * }; - */ - - /* This is an example of a MySQL >=4.1 client Authentication packet provided by Nenad Merdanovic. - * const char mysql41_client_auth_pkt[] = { - * "\x0e\x00\x00\" // packet length - * "\x01" // packet number - * "\x00\x00\x00\x00" // client capabilities - * "\x00\x00\x00\x01" // max packet - * "\x21" // character set (UTF-8) - * char[23] // All zeroes - * "haproxy\x00" // username (null terminated string) - * "\x00" // filler (always 0x00) - * "\x01\x00\x00" // packet length - * "\x00" // packet number - * "\x01" // COM_QUIT command - * }; - */ - - - if (*(args[2])) { - int cur_arg = 2; - - while (*(args[cur_arg])) { - if (strcmp(args[cur_arg], "user") == 0) { - char *mysqluser; - int packetlen, reqlen, userlen; - - /* suboption header - needs additional argument for it */ - if (*(args[cur_arg+1]) == 0) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", - file, linenum, args[0], args[1], args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - mysqluser = args[cur_arg + 1]; - userlen = strlen(mysqluser); - - if (*(args[cur_arg+2])) { - if (!strcmp(args[cur_arg+2], "post-41")) { - packetlen = userlen + 7 + 27; - reqlen = packetlen + 9; - - free(curproxy->check_req); - curproxy->check_req = calloc(1, reqlen); - curproxy->check_len = reqlen; - - snprintf(curproxy->check_req, 4, "%c%c%c", - ((unsigned char) packetlen & 0xff), - ((unsigned char) (packetlen >> 8) & 0xff), - ((unsigned char) (packetlen >> 16) & 0xff)); - - curproxy->check_req[3] = 1; - curproxy->check_req[5] = 0x82; // 130 - curproxy->check_req[11] = 1; - curproxy->check_req[12] = 33; - memcpy(&curproxy->check_req[36], mysqluser, userlen); - curproxy->check_req[36 + userlen + 1 + 1] = 1; - curproxy->check_req[36 + userlen + 1 + 1 + 4] = 1; - cur_arg += 3; - } else { - ha_alert("parsing [%s:%d] : keyword '%s' only supports option 'post-41'.\n", file, linenum, args[cur_arg+2]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } else { - packetlen = userlen + 7; - reqlen = packetlen + 9; - - free(curproxy->check_req); - curproxy->check_req = calloc(1, reqlen); - curproxy->check_len = reqlen; - - snprintf(curproxy->check_req, 4, "%c%c%c", - ((unsigned char) packetlen & 0xff), - ((unsigned char) (packetlen >> 8) & 0xff), - ((unsigned char) (packetlen >> 16) & 0xff)); - - curproxy->check_req[3] = 1; - curproxy->check_req[5] = 0x80; - curproxy->check_req[8] = 1; - memcpy(&curproxy->check_req[9], mysqluser, userlen); - curproxy->check_req[9 + userlen + 1 + 1] = 1; - curproxy->check_req[9 + userlen + 1 + 1 + 4] = 1; - cur_arg += 2; - } - } else { - /* unknown suboption - catchall */ - ha_alert("parsing [%s:%d] : '%s %s' only supports optional values: 'user'.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } /* end while loop */ - } - } - else if (!strcmp(args[1], "ldap-check")) { - /* use LDAP request to check servers' health */ - free(curproxy->check_req); - curproxy->check_req = NULL; - curproxy->options2 &= ~PR_O2_CHK_ANY; - curproxy->options2 |= PR_O2_LDAP_CHK; - - curproxy->check_req = malloc(sizeof(DEF_LDAP_CHECK_REQ) - 1); - memcpy(curproxy->check_req, DEF_LDAP_CHECK_REQ, sizeof(DEF_LDAP_CHECK_REQ) - 1); - curproxy->check_len = sizeof(DEF_LDAP_CHECK_REQ) - 1; - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[1], "spop-check")) { - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (curproxy->cap & PR_CAP_FE) { - ha_alert("parsing [%s:%d] : '%s %s' not allowed in 'frontend' and 'listen' sections.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - /* use SPOE request to check servers' health */ - free(curproxy->check_req); - curproxy->check_req = NULL; - curproxy->options2 &= ~PR_O2_CHK_ANY; - curproxy->options2 |= PR_O2_SPOP_CHK; - - if (spoe_prepare_healthcheck_request(&curproxy->check_req, &curproxy->check_len)) { - ha_alert("parsing [%s:%d] : failed to prepare SPOP healthcheck request.\n", file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[1], "tcp-check")) { - /* use raw TCPCHK send/expect to check servers' health */ - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) - err_code |= ERR_WARN; - - free(curproxy->check_req); - curproxy->check_req = NULL; - curproxy->options2 &= ~PR_O2_CHK_ANY; - curproxy->options2 |= PR_O2_TCPCHK_CHK; - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[1], "external-check")) { - /* excute an external command to check servers' health */ - free(curproxy->check_req); - curproxy->check_req = NULL; - curproxy->options2 &= ~PR_O2_CHK_ANY; - curproxy->options2 |= PR_O2_EXT_CHK; - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[1], "forwardfor")) { - int cur_arg; - - /* insert x-forwarded-for field, but not for the IP address listed as an except. - * set default options (ie: bitfield, header name, etc) - */ - - curproxy->options |= PR_O_FWDFOR | PR_O_FF_ALWAYS; - - free(curproxy->fwdfor_hdr_name); - curproxy->fwdfor_hdr_name = strdup(DEF_XFORWARDFOR_HDR); - curproxy->fwdfor_hdr_len = strlen(DEF_XFORWARDFOR_HDR); - - /* loop to go through arguments - start at 2, since 0+1 = "option" "forwardfor" */ - cur_arg = 2; - while (*(args[cur_arg])) { - if (!strcmp(args[cur_arg], "except")) { - /* suboption except - needs additional argument for it */ - if (!*(args[cur_arg+1]) || !str2net(args[cur_arg+1], 1, &curproxy->except_net, &curproxy->except_mask)) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects
[/mask] as argument.\n", - file, linenum, args[0], args[1], args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - /* flush useless bits */ - curproxy->except_net.s_addr &= curproxy->except_mask.s_addr; - cur_arg += 2; - } else if (!strcmp(args[cur_arg], "header")) { - /* suboption header - needs additional argument for it */ - if (*(args[cur_arg+1]) == 0) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", - file, linenum, args[0], args[1], args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->fwdfor_hdr_name); - curproxy->fwdfor_hdr_name = strdup(args[cur_arg+1]); - curproxy->fwdfor_hdr_len = strlen(curproxy->fwdfor_hdr_name); - cur_arg += 2; - } else if (!strcmp(args[cur_arg], "if-none")) { - curproxy->options &= ~PR_O_FF_ALWAYS; - cur_arg += 1; - } else { - /* unknown suboption - catchall */ - ha_alert("parsing [%s:%d] : '%s %s' only supports optional values: 'except', 'header' and 'if-none'.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } /* end while loop */ - } - else if (!strcmp(args[1], "originalto")) { - int cur_arg; - - /* insert x-original-to field, but not for the IP address listed as an except. - * set default options (ie: bitfield, header name, etc) - */ - - curproxy->options |= PR_O_ORGTO; - - free(curproxy->orgto_hdr_name); - curproxy->orgto_hdr_name = strdup(DEF_XORIGINALTO_HDR); - curproxy->orgto_hdr_len = strlen(DEF_XORIGINALTO_HDR); - - /* loop to go through arguments - start at 2, since 0+1 = "option" "originalto" */ - cur_arg = 2; - while (*(args[cur_arg])) { - if (!strcmp(args[cur_arg], "except")) { - /* suboption except - needs additional argument for it */ - if (!*(args[cur_arg+1]) || !str2net(args[cur_arg+1], 1, &curproxy->except_to, &curproxy->except_mask_to)) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects
[/mask] as argument.\n", - file, linenum, args[0], args[1], args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - /* flush useless bits */ - curproxy->except_to.s_addr &= curproxy->except_mask_to.s_addr; - cur_arg += 2; - } else if (!strcmp(args[cur_arg], "header")) { - /* suboption header - needs additional argument for it */ - if (*(args[cur_arg+1]) == 0) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", - file, linenum, args[0], args[1], args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->orgto_hdr_name); - curproxy->orgto_hdr_name = strdup(args[cur_arg+1]); - curproxy->orgto_hdr_len = strlen(curproxy->orgto_hdr_name); - cur_arg += 2; - } else { - /* unknown suboption - catchall */ - ha_alert("parsing [%s:%d] : '%s %s' only supports optional values: 'except' and 'header'.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } /* end while loop */ - } - else { - ha_alert("parsing [%s:%d] : unknown option '%s'.\n", file, linenum, args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - goto out; - } - else if (!strcmp(args[0], "default_backend")) { - if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects a backend name.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->defbe.name); - curproxy->defbe.name = strdup(args[1]); - - if (alertif_too_many_args_idx(1, 0, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[0], "redispatch") || !strcmp(args[0], "redisp")) { - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (!already_warned(WARN_REDISPATCH_DEPRECATED)) - ha_warning("parsing [%s:%d]: keyword '%s' is deprecated in favor of 'option redispatch', and will not be supported by future versions.\n", - file, linenum, args[0]); - err_code |= ERR_WARN; - /* enable reconnections to dispatch */ - curproxy->options |= PR_O_REDISP; - - if (alertif_too_many_args_idx(1, 0, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[0], "http-reuse")) { - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (strcmp(args[1], "never") == 0) { - /* enable a graceful server shutdown on an HTTP 404 response */ - curproxy->options &= ~PR_O_REUSE_MASK; - curproxy->options |= PR_O_REUSE_NEVR; - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else if (strcmp(args[1], "safe") == 0) { - /* enable a graceful server shutdown on an HTTP 404 response */ - curproxy->options &= ~PR_O_REUSE_MASK; - curproxy->options |= PR_O_REUSE_SAFE; - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else if (strcmp(args[1], "aggressive") == 0) { - curproxy->options &= ~PR_O_REUSE_MASK; - curproxy->options |= PR_O_REUSE_AGGR; - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else if (strcmp(args[1], "always") == 0) { - /* enable a graceful server shutdown on an HTTP 404 response */ - curproxy->options &= ~PR_O_REUSE_MASK; - curproxy->options |= PR_O_REUSE_ALWS; - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else { - ha_alert("parsing [%s:%d] : '%s' only supports 'never', 'safe', 'aggressive', 'always'.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "http-check")) { - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (strcmp(args[1], "disable-on-404") == 0) { - /* enable a graceful server shutdown on an HTTP 404 response */ - curproxy->options |= PR_O_DISABLE404; - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else if (strcmp(args[1], "send-state") == 0) { - /* enable emission of the apparent state of a server in HTTP checks */ - curproxy->options2 |= PR_O2_CHK_SNDST; - if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) - goto out; - } - else if (strcmp(args[1], "expect") == 0) { - const char *ptr_arg; - int cur_arg; - - if (curproxy->options2 & PR_O2_EXP_TYPE) { - ha_alert("parsing [%s:%d] : '%s %s' already specified.\n", file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - cur_arg = 2; - /* consider exclamation marks, sole or at the beginning of a word */ - while (*(ptr_arg = args[cur_arg])) { - while (*ptr_arg == '!') { - curproxy->options2 ^= PR_O2_EXP_INV; - ptr_arg++; - } - if (*ptr_arg) - break; - cur_arg++; - } - /* now ptr_arg points to the beginning of a word past any possible - * exclamation mark, and cur_arg is the argument which holds this word. - */ - if (strcmp(ptr_arg, "status") == 0) { - if (!*(args[cur_arg + 1])) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", - file, linenum, args[0], args[1], ptr_arg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->options2 |= PR_O2_EXP_STS; - free(curproxy->expect_str); - curproxy->expect_str = strdup(args[cur_arg + 1]); - } - else if (strcmp(ptr_arg, "string") == 0) { - if (!*(args[cur_arg + 1])) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", - file, linenum, args[0], args[1], ptr_arg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->options2 |= PR_O2_EXP_STR; - free(curproxy->expect_str); - curproxy->expect_str = strdup(args[cur_arg + 1]); - } - else if (strcmp(ptr_arg, "rstatus") == 0) { - if (!*(args[cur_arg + 1])) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", - file, linenum, args[0], args[1], ptr_arg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->options2 |= PR_O2_EXP_RSTS; - free(curproxy->expect_str); - if (curproxy->expect_regex) { - regex_free(curproxy->expect_regex); - free(curproxy->expect_regex); - curproxy->expect_regex = NULL; - } - curproxy->expect_str = strdup(args[cur_arg + 1]); - curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex)); - error = NULL; - if (!regex_comp(args[cur_arg + 1], curproxy->expect_regex, 1, 1, &error)) { - ha_alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n", - file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error); - free(error); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (strcmp(ptr_arg, "rstring") == 0) { - if (!*(args[cur_arg + 1])) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", - file, linenum, args[0], args[1], ptr_arg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->options2 |= PR_O2_EXP_RSTR; - free(curproxy->expect_str); - if (curproxy->expect_regex) { - regex_free(curproxy->expect_regex); - free(curproxy->expect_regex); - curproxy->expect_regex = NULL; - } - curproxy->expect_str = strdup(args[cur_arg + 1]); - curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex)); - error = NULL; - if (!regex_comp(args[cur_arg + 1], curproxy->expect_regex, 1, 1, &error)) { - ha_alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n", - file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error); - free(error); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else { - ha_alert("parsing [%s:%d] : '%s %s' only supports [!] 'status', 'string', 'rstatus', 'rstring', found '%s'.\n", - file, linenum, args[0], args[1], ptr_arg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else { - ha_alert("parsing [%s:%d] : '%s' only supports 'disable-on-404', 'send-state', 'expect'.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "tcp-check")) { - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (strcmp(args[1], "comment") == 0) { - int cur_arg; - struct tcpcheck_rule *tcpcheck; - - cur_arg = 1; - tcpcheck = calloc(1, sizeof(*tcpcheck)); - tcpcheck->action = TCPCHK_ACT_COMMENT; - - if (!*args[cur_arg + 1]) { - ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", - file, linenum, args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - tcpcheck->comment = strdup(args[cur_arg + 1]); - - LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); - if (alertif_too_many_args_idx(1, 1, file, linenum, args, &err_code)) - goto out; - } - else if (strcmp(args[1], "connect") == 0) { - const char *ptr_arg; - int cur_arg; - struct tcpcheck_rule *tcpcheck; - - /* check if first rule is also a 'connect' action */ - tcpcheck = LIST_NEXT(&curproxy->tcpcheck_rules, struct tcpcheck_rule *, list); - while (&tcpcheck->list != &curproxy->tcpcheck_rules && - tcpcheck->action == TCPCHK_ACT_COMMENT) { - tcpcheck = LIST_NEXT(&tcpcheck->list, struct tcpcheck_rule *, list); - } - - if (&tcpcheck->list != &curproxy->tcpcheck_rules - && tcpcheck->action != TCPCHK_ACT_CONNECT) { - ha_alert("parsing [%s:%d] : first step MUST also be a 'connect' when there is a 'connect' step in the tcp-check ruleset.\n", - file, linenum); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - cur_arg = 2; - tcpcheck = calloc(1, sizeof(*tcpcheck)); - tcpcheck->action = TCPCHK_ACT_CONNECT; - - /* parsing each parameters to fill up the rule */ - while (*(ptr_arg = args[cur_arg])) { - /* tcp port */ - if (strcmp(args[cur_arg], "port") == 0) { - if ( (atol(args[cur_arg + 1]) > 65535) || - (atol(args[cur_arg + 1]) < 1) ){ - ha_alert("parsing [%s:%d] : '%s %s %s' expects a valid TCP port (from range 1 to 65535), got %s.\n", - file, linenum, args[0], args[1], "port", args[cur_arg + 1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - tcpcheck->port = atol(args[cur_arg + 1]); - cur_arg += 2; - } - /* send proxy protocol */ - else if (strcmp(args[cur_arg], "send-proxy") == 0) { - tcpcheck->conn_opts |= TCPCHK_OPT_SEND_PROXY; - cur_arg++; - } -#ifdef USE_OPENSSL - else if (strcmp(args[cur_arg], "ssl") == 0) { - curproxy->options |= PR_O_TCPCHK_SSL; - tcpcheck->conn_opts |= TCPCHK_OPT_SSL; - cur_arg++; - } -#endif /* USE_OPENSSL */ - /* comment for this tcpcheck line */ - else if (strcmp(args[cur_arg], "comment") == 0) { - if (!*args[cur_arg + 1]) { - ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", - file, linenum, args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - tcpcheck->comment = strdup(args[cur_arg + 1]); - cur_arg += 2; - } - else { -#ifdef USE_OPENSSL - ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or 'ssl' but got '%s' as argument.\n", -#else /* USE_OPENSSL */ - ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or but got '%s' as argument.\n", -#endif /* USE_OPENSSL */ - file, linenum, args[0], args[1], args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - } - - LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); - } - else if (strcmp(args[1], "send") == 0) { - if (! *(args[2]) ) { - /* SEND string expected */ - ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", - file, linenum, args[0], args[1], args[2]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } else { - struct tcpcheck_rule *tcpcheck; - - tcpcheck = calloc(1, sizeof(*tcpcheck)); - - tcpcheck->action = TCPCHK_ACT_SEND; - tcpcheck->string_len = strlen(args[2]); - tcpcheck->string = strdup(args[2]); - tcpcheck->expect_regex = NULL; - - /* comment for this tcpcheck line */ - if (strcmp(args[3], "comment") == 0) { - if (!*args[4]) { - ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", - file, linenum, args[3]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - tcpcheck->comment = strdup(args[4]); - } - - LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); - } - } - else if (strcmp(args[1], "send-binary") == 0) { - if (! *(args[2]) ) { - /* SEND binary string expected */ - ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument.\n", - file, linenum, args[0], args[1], args[2]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } else { - struct tcpcheck_rule *tcpcheck; - char *err = NULL; - - tcpcheck = calloc(1, sizeof(*tcpcheck)); - - tcpcheck->action = TCPCHK_ACT_SEND; - if (parse_binary(args[2], &tcpcheck->string, &tcpcheck->string_len, &err) == 0) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument, but %s\n", - file, linenum, args[0], args[1], args[2], err); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - tcpcheck->expect_regex = NULL; - - /* comment for this tcpcheck line */ - if (strcmp(args[3], "comment") == 0) { - if (!*args[4]) { - ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", - file, linenum, args[3]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - tcpcheck->comment = strdup(args[4]); - } - - LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); - } - } - else if (strcmp(args[1], "expect") == 0) { - const char *ptr_arg; - int cur_arg; - int inverse = 0; - - if (curproxy->options2 & PR_O2_EXP_TYPE) { - ha_alert("parsing [%s:%d] : '%s %s' already specified.\n", file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - cur_arg = 2; - /* consider exclamation marks, sole or at the beginning of a word */ - while (*(ptr_arg = args[cur_arg])) { - while (*ptr_arg == '!') { - inverse = !inverse; - ptr_arg++; - } - if (*ptr_arg) - break; - cur_arg++; - } - /* now ptr_arg points to the beginning of a word past any possible - * exclamation mark, and cur_arg is the argument which holds this word. - */ - if (strcmp(ptr_arg, "binary") == 0) { - struct tcpcheck_rule *tcpcheck; - char *err = NULL; - - if (!*(args[cur_arg + 1])) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", - file, linenum, args[0], args[1], ptr_arg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - tcpcheck = calloc(1, sizeof(*tcpcheck)); - - tcpcheck->action = TCPCHK_ACT_EXPECT; - if (parse_binary(args[cur_arg + 1], &tcpcheck->string, &tcpcheck->string_len, &err) == 0) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as argument, but %s\n", - file, linenum, args[0], args[1], args[2], err); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - tcpcheck->expect_regex = NULL; - tcpcheck->inverse = inverse; - - /* tcpcheck comment */ - cur_arg += 2; - if (strcmp(args[cur_arg], "comment") == 0) { - if (!*args[cur_arg + 1]) { - ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", - file, linenum, args[cur_arg + 1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - tcpcheck->comment = strdup(args[cur_arg + 1]); - } - - LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); - } - else if (strcmp(ptr_arg, "string") == 0) { - struct tcpcheck_rule *tcpcheck; - - if (!*(args[cur_arg + 1])) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", - file, linenum, args[0], args[1], ptr_arg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - tcpcheck = calloc(1, sizeof(*tcpcheck)); - - tcpcheck->action = TCPCHK_ACT_EXPECT; - tcpcheck->string_len = strlen(args[cur_arg + 1]); - tcpcheck->string = strdup(args[cur_arg + 1]); - tcpcheck->expect_regex = NULL; - tcpcheck->inverse = inverse; - - /* tcpcheck comment */ - cur_arg += 2; - if (strcmp(args[cur_arg], "comment") == 0) { - if (!*args[cur_arg + 1]) { - ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", - file, linenum, args[cur_arg + 1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - tcpcheck->comment = strdup(args[cur_arg + 1]); - } - - LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); - } - else if (strcmp(ptr_arg, "rstring") == 0) { - struct tcpcheck_rule *tcpcheck; - - if (!*(args[cur_arg + 1])) { - ha_alert("parsing [%s:%d] : '%s %s %s' expects as an argument.\n", - file, linenum, args[0], args[1], ptr_arg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - tcpcheck = calloc(1, sizeof(*tcpcheck)); - - tcpcheck->action = TCPCHK_ACT_EXPECT; - tcpcheck->string_len = 0; - tcpcheck->string = NULL; - tcpcheck->expect_regex = calloc(1, sizeof(*tcpcheck->expect_regex)); - error = NULL; - if (!regex_comp(args[cur_arg + 1], tcpcheck->expect_regex, 1, 1, &error)) { - ha_alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n", - file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error); - free(error); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - tcpcheck->inverse = inverse; - - /* tcpcheck comment */ - cur_arg += 2; - if (strcmp(args[cur_arg], "comment") == 0) { - if (!*args[cur_arg + 1]) { - ha_alert("parsing [%s:%d] : '%s' expects a comment string.\n", - file, linenum, args[cur_arg + 1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - tcpcheck->comment = strdup(args[cur_arg + 1]); - } - - LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list); - } - else { - ha_alert("parsing [%s:%d] : '%s %s' only supports [!] 'binary', 'string', 'rstring', found '%s'.\n", - file, linenum, args[0], args[1], ptr_arg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else { - ha_alert("parsing [%s:%d] : '%s' only supports 'comment', 'connect', 'send' or 'expect'.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "monitor")) { - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (strcmp(args[1], "fail") == 0) { - /* add a condition to fail monitor requests */ - if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) { - ha_alert("parsing [%s:%d] : '%s %s' requires either 'if' or 'unless' followed by a condition.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - err_code |= warnif_misplaced_monitor(curproxy, file, linenum, "monitor fail"); - if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 2, &errmsg)) == NULL) { - ha_alert("parsing [%s:%d] : error detected while parsing a '%s %s' condition : %s.\n", - file, linenum, args[0], args[1], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - LIST_ADDQ(&curproxy->mon_fail_cond, &cond->list); - } - else { - ha_alert("parsing [%s:%d] : '%s' only supports 'fail'.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } -#ifdef TPROXY - else if (!strcmp(args[0], "transparent")) { - /* enable transparent proxy connections */ - curproxy->options |= PR_O_TRANSP; - if (alertif_too_many_args(0, file, linenum, args, &err_code)) - goto out; - } -#endif - else if (!strcmp(args[0], "maxconn")) { /* maxconn */ - if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], " Maybe you want 'fullconn' instead ?")) - err_code |= ERR_WARN; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->maxconn = atol(args[1]); - if (alertif_too_many_args(1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[0], "backlog")) { /* backlog */ - if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->backlog = atol(args[1]); - if (alertif_too_many_args(1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[0], "fullconn")) { /* fullconn */ - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], " Maybe you want 'maxconn' instead ?")) - err_code |= ERR_WARN; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->fullconn = atol(args[1]); - if (alertif_too_many_args(1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[0], "grace")) { /* grace time (ms) */ - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects a time in milliseconds.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - err = parse_time_err(args[1], &val, TIME_UNIT_MS); - if (err) { - ha_alert("parsing [%s:%d] : unexpected character '%c' in grace time.\n", - file, linenum, *err); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->grace = val; - if (alertif_too_many_args(1, file, linenum, args, &err_code)) - goto out; - } - else if (!strcmp(args[0], "dispatch")) { /* dispatch address */ - struct sockaddr_storage *sk; - int port1, port2; - struct protocol *proto; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - else if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1); - if (!sk) { - ha_alert("parsing [%s:%d] : '%s' : %s\n", file, linenum, args[0], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - proto = protocol_by_family(sk->ss_family); - if (!proto || !proto->connect) { - ha_alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (port1 != port2) { - ha_alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!port1) { - ha_alert("parsing [%s:%d] : '%s' : missing port number in '%s', expected.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (alertif_too_many_args(1, file, linenum, args, &err_code)) - goto out; - - curproxy->dispatch_addr = *sk; - curproxy->options |= PR_O_DISPATCH; - } - else if (!strcmp(args[0], "balance")) { /* set balancing with optional algorithm */ - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (backend_parse_balance((const char **)args + 1, &errmsg, curproxy) < 0) { - ha_alert("parsing [%s:%d] : %s %s\n", file, linenum, args[0], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "hash-type")) { /* set hashing method */ - /** - * The syntax for hash-type config element is - * hash-type {map-based|consistent} [[] avalanche] - * - * The default hash function is sdbm for map-based and sdbm+avalanche for consistent. - */ - curproxy->lbprm.algo &= ~(BE_LB_HASH_TYPE | BE_LB_HASH_FUNC | BE_LB_HASH_MOD); - - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (strcmp(args[1], "consistent") == 0) { /* use consistent hashing */ - curproxy->lbprm.algo |= BE_LB_HASH_CONS; - } - else if (strcmp(args[1], "map-based") == 0) { /* use map-based hashing */ - curproxy->lbprm.algo |= BE_LB_HASH_MAP; - } - else if (strcmp(args[1], "avalanche") == 0) { - ha_alert("parsing [%s:%d] : experimental feature '%s %s' is not supported anymore, please use '%s map-based sdbm avalanche' instead.\n", file, linenum, args[0], args[1], args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - else { - ha_alert("parsing [%s:%d] : '%s' only supports 'consistent' and 'map-based'.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - /* set the hash function to use */ - if (!*args[2]) { - /* the default algo is sdbm */ - curproxy->lbprm.algo |= BE_LB_HFCN_SDBM; - - /* if consistent with no argument, then avalanche modifier is also applied */ - if ((curproxy->lbprm.algo & BE_LB_HASH_TYPE) == BE_LB_HASH_CONS) - curproxy->lbprm.algo |= BE_LB_HMOD_AVAL; - } else { - /* set the hash function */ - if (!strcmp(args[2], "sdbm")) { - curproxy->lbprm.algo |= BE_LB_HFCN_SDBM; - } - else if (!strcmp(args[2], "djb2")) { - curproxy->lbprm.algo |= BE_LB_HFCN_DJB2; - } - else if (!strcmp(args[2], "wt6")) { - curproxy->lbprm.algo |= BE_LB_HFCN_WT6; - } - else if (!strcmp(args[2], "crc32")) { - curproxy->lbprm.algo |= BE_LB_HFCN_CRC32; - } - else { - ha_alert("parsing [%s:%d] : '%s' only supports 'sdbm', 'djb2', 'crc32', or 'wt6' hash functions.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - /* set the hash modifier */ - if (!strcmp(args[3], "avalanche")) { - curproxy->lbprm.algo |= BE_LB_HMOD_AVAL; - } - else if (*args[3]) { - ha_alert("parsing [%s:%d] : '%s' only supports 'avalanche' as a modifier for hash functions.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - } - else if (strcmp(args[0], "hash-balance-factor") == 0) { - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->lbprm.chash.balance_factor = atol(args[1]); - if (curproxy->lbprm.chash.balance_factor != 0 && curproxy->lbprm.chash.balance_factor <= 100) { - ha_alert("parsing [%s:%d] : '%s' must be 0 or greater than 100.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (strcmp(args[0], "unique-id-format") == 0) { - if (!*(args[1])) { - ha_alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (*(args[2])) { - ha_alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->conf.uniqueid_format_string); - curproxy->conf.uniqueid_format_string = strdup(args[1]); - - free(curproxy->conf.uif_file); - curproxy->conf.uif_file = strdup(curproxy->conf.args.file); - curproxy->conf.uif_line = curproxy->conf.args.line; - } - - else if (strcmp(args[0], "unique-id-header") == 0) { - if (!*(args[1])) { - ha_alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->header_unique_id); - curproxy->header_unique_id = strdup(args[1]); - } - - else if (strcmp(args[0], "log-format") == 0) { - if (!*(args[1])) { - ha_alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (*(args[2])) { - ha_alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (curproxy->conf.logformat_string && curproxy == &defproxy) { - char *oldlogformat = "log-format"; - - if (curproxy->conf.logformat_string == default_http_log_format) - oldlogformat = "option httplog"; - else if (curproxy->conf.logformat_string == default_tcp_log_format) - oldlogformat = "option tcplog"; - else if (curproxy->conf.logformat_string == clf_http_log_format) - oldlogformat = "option httplog clf"; - ha_warning("parsing [%s:%d]: 'log-format' overrides previous '%s' in 'defaults' section.\n", - file, linenum, oldlogformat); - } - if (curproxy->conf.logformat_string != default_http_log_format && - curproxy->conf.logformat_string != default_tcp_log_format && - curproxy->conf.logformat_string != clf_http_log_format) - free(curproxy->conf.logformat_string); - curproxy->conf.logformat_string = strdup(args[1]); - - free(curproxy->conf.lfs_file); - curproxy->conf.lfs_file = strdup(curproxy->conf.args.file); - curproxy->conf.lfs_line = curproxy->conf.args.line; - - /* get a chance to improve log-format error reporting by - * reporting the correct line-number when possible. - */ - if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) { - ha_warning("parsing [%s:%d] : backend '%s' : 'log-format' directive is ignored in backends.\n", - file, linenum, curproxy->id); - err_code |= ERR_WARN; - } - } - else if (!strcmp(args[0], "log-format-sd")) { - if (!*(args[1])) { - ha_alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - if (*(args[2])) { - ha_alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (curproxy->conf.logformat_sd_string != default_rfc5424_sd_log_format) - free(curproxy->conf.logformat_sd_string); - curproxy->conf.logformat_sd_string = strdup(args[1]); - - free(curproxy->conf.lfsd_file); - curproxy->conf.lfsd_file = strdup(curproxy->conf.args.file); - curproxy->conf.lfsd_line = curproxy->conf.args.line; - - /* get a chance to improve log-format-sd error reporting by - * reporting the correct line-number when possible. - */ - if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) { - ha_warning("parsing [%s:%d] : backend '%s' : 'log-format-sd' directive is ignored in backends.\n", - file, linenum, curproxy->id); - err_code |= ERR_WARN; - } - } - else if (!strcmp(args[0], "log-tag")) { /* tag to report to syslog */ - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects a tag for use in syslog.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - chunk_destroy(&curproxy->log_tag); - chunk_initstr(&curproxy->log_tag, strdup(args[1])); - } - else if (!strcmp(args[0], "log")) { /* "no log" or "log ..." */ - if (!parse_logsrv(args, &curproxy->logsrvs, (kwm == KWM_NO), &errmsg)) { - ha_alert("parsing [%s:%d] : %s : %s\n", file, linenum, args[0], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "source")) { /* address to which we bind when connecting */ - int cur_arg; - int port1, port2; - struct sockaddr_storage *sk; - struct protocol *proto; - - if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (!*args[1]) { - ha_alert("parsing [%s:%d] : '%s' expects [:], and optionally '%s' , and '%s' .\n", - file, linenum, "source", "usesrc", "interface"); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - /* we must first clear any optional default setting */ - curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK; - free(curproxy->conn_src.iface_name); - curproxy->conn_src.iface_name = NULL; - curproxy->conn_src.iface_len = 0; - - sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1); - if (!sk) { - ha_alert("parsing [%s:%d] : '%s %s' : %s\n", - file, linenum, args[0], args[1], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - proto = protocol_by_family(sk->ss_family); - if (!proto || !proto->connect) { - ha_alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (port1 != port2) { - ha_alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n", - file, linenum, args[0], args[1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - curproxy->conn_src.source_addr = *sk; - curproxy->conn_src.opts |= CO_SRC_BIND; - - cur_arg = 2; - while (*(args[cur_arg])) { - if (!strcmp(args[cur_arg], "usesrc")) { /* address to use outside */ -#if defined(CONFIG_HAP_TRANSPARENT) - if (!*args[cur_arg + 1]) { - ha_alert("parsing [%s:%d] : '%s' expects [:], 'client', or 'clientip' as argument.\n", - file, linenum, "usesrc"); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (!strcmp(args[cur_arg + 1], "client")) { - curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK; - curproxy->conn_src.opts |= CO_SRC_TPROXY_CLI; - } else if (!strcmp(args[cur_arg + 1], "clientip")) { - curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK; - curproxy->conn_src.opts |= CO_SRC_TPROXY_CIP; - } else if (!strncmp(args[cur_arg + 1], "hdr_ip(", 7)) { - char *name, *end; - - name = args[cur_arg+1] + 7; - while (isspace(*name)) - name++; - - end = name; - while (*end && !isspace(*end) && *end != ',' && *end != ')') - end++; - - curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK; - curproxy->conn_src.opts |= CO_SRC_TPROXY_DYN; - curproxy->conn_src.bind_hdr_name = calloc(1, end - name + 1); - curproxy->conn_src.bind_hdr_len = end - name; - memcpy(curproxy->conn_src.bind_hdr_name, name, end - name); - curproxy->conn_src.bind_hdr_name[end-name] = '\0'; - curproxy->conn_src.bind_hdr_occ = -1; - - /* now look for an occurrence number */ - while (isspace(*end)) - end++; - if (*end == ',') { - end++; - name = end; - if (*end == '-') - end++; - while (isdigit((int)*end)) - end++; - curproxy->conn_src.bind_hdr_occ = strl2ic(name, end-name); - } - - if (curproxy->conn_src.bind_hdr_occ < -MAX_HDR_HISTORY) { - ha_alert("parsing [%s:%d] : usesrc hdr_ip(name,num) does not support negative" - " occurrences values smaller than %d.\n", - file, linenum, MAX_HDR_HISTORY); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } else { - struct sockaddr_storage *sk; - - sk = str2sa_range(args[cur_arg + 1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1); - if (!sk) { - ha_alert("parsing [%s:%d] : '%s %s' : %s\n", - file, linenum, args[cur_arg], args[cur_arg+1], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - proto = protocol_by_family(sk->ss_family); - if (!proto || !proto->connect) { - ha_alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n", - file, linenum, args[cur_arg], args[cur_arg+1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (port1 != port2) { - ha_alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n", - file, linenum, args[cur_arg], args[cur_arg + 1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - curproxy->conn_src.tproxy_addr = *sk; - curproxy->conn_src.opts |= CO_SRC_TPROXY_ADDR; - } - global.last_checks |= LSTCHK_NETADM; -#else /* no TPROXY support */ - ha_alert("parsing [%s:%d] : '%s' not allowed here because support for TPROXY was not compiled in.\n", - file, linenum, "usesrc"); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; -#endif - cur_arg += 2; - continue; - } - - if (!strcmp(args[cur_arg], "interface")) { /* specifically bind to this interface */ -#ifdef SO_BINDTODEVICE - if (!*args[cur_arg + 1]) { - ha_alert("parsing [%s:%d] : '%s' : missing interface name.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - free(curproxy->conn_src.iface_name); - curproxy->conn_src.iface_name = strdup(args[cur_arg + 1]); - curproxy->conn_src.iface_len = strlen(curproxy->conn_src.iface_name); - global.last_checks |= LSTCHK_NETADM; -#else - ha_alert("parsing [%s:%d] : '%s' : '%s' option not implemented.\n", - file, linenum, args[0], args[cur_arg]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; -#endif - cur_arg += 2; - continue; - } - ha_alert("parsing [%s:%d] : '%s' only supports optional keywords '%s' and '%s'.\n", - file, linenum, args[0], "interface", "usesrc"); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - } - else if (!strcmp(args[0], "usesrc")) { /* address to use outside: needs "source" first */ - ha_alert("parsing [%s:%d] : '%s' only allowed after a '%s' statement.\n", - file, linenum, "usesrc", "source"); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - else if (!strcmp(args[0], "cliexp") || !strcmp(args[0], "reqrep")) { /* replace request header from a regex */ - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects and as arguments.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_REPLACE, 0, - args[0], args[1], args[2], (const char **)args+3); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqdel")) { /* delete request header from a regex */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_REMOVE, 0, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqdeny")) { /* deny a request if a header matches this regex */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_DENY, 0, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqpass")) { /* pass this header without allowing or denying the request */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_PASS, 0, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqallow")) { /* allow a request if a header matches this regex */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_ALLOW, 0, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqtarpit")) { /* tarpit a request if a header matches this regex */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_TARPIT, 0, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqirep")) { /* replace request header from a regex, ignoring case */ - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects and as arguments.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_REPLACE, REG_ICASE, - args[0], args[1], args[2], (const char **)args+3); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqidel")) { /* delete request header from a regex ignoring case */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_REMOVE, REG_ICASE, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqideny")) { /* deny a request if a header matches this regex ignoring case */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_DENY, REG_ICASE, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqipass")) { /* pass this header without allowing or denying the request */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_PASS, REG_ICASE, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqiallow")) { /* allow a request if a header matches this regex ignoring case */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_ALLOW, REG_ICASE, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqitarpit")) { /* tarpit a request if a header matches this regex ignoring case */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_REQ, ACT_TARPIT, REG_ICASE, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "reqadd")) { /* add request header */ - struct cond_wordlist *wl; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - else if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects
as an argument.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if ((strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0)) { - if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args+2, &errmsg)) == NULL) { - ha_alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n", - file, linenum, args[0], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - err_code |= warnif_cond_conflicts(cond, - (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, - file, linenum); - } - else if (*args[2]) { - ha_alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n", - file, linenum, args[0], args[2]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - wl = calloc(1, sizeof(*wl)); - wl->cond = cond; - wl->s = strdup(args[1]); - LIST_ADDQ(&curproxy->req_add, &wl->list); - warnif_misplaced_reqadd(curproxy, file, linenum, args[0]); - } - else if (!strcmp(args[0], "srvexp") || !strcmp(args[0], "rsprep")) { /* replace response header from a regex */ - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects and as arguments.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_RES, ACT_REPLACE, 0, - args[0], args[1], args[2], (const char **)args+3); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "rspdel")) { /* delete response header from a regex */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_RES, ACT_REMOVE, 0, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "rspdeny")) { /* block response header from a regex */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_RES, ACT_DENY, 0, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "rspirep")) { /* replace response header from a regex ignoring case */ - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects and as arguments.\n", - file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_RES, ACT_REPLACE, REG_ICASE, - args[0], args[1], args[2], (const char **)args+3); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "rspidel")) { /* delete response header from a regex ignoring case */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_RES, ACT_REMOVE, REG_ICASE, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "rspideny")) { /* block response header from a regex ignoring case */ - err_code |= create_cond_regex_rule(file, linenum, curproxy, - SMP_OPT_DIR_RES, ACT_DENY, REG_ICASE, - args[0], args[1], NULL, (const char **)args+2); - if (err_code & ERR_FATAL) - goto out; - } - else if (!strcmp(args[0], "rspadd")) { /* add response header */ - struct cond_wordlist *wl; - - if (curproxy == &defproxy) { - ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - else if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (*(args[1]) == 0) { - ha_alert("parsing [%s:%d] : '%s' expects
as an argument.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if ((strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0)) { - if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args+2, &errmsg)) == NULL) { - ha_alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n", - file, linenum, args[0], errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - err_code |= warnif_cond_conflicts(cond, - (curproxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR, - file, linenum); - } - else if (*args[2]) { - ha_alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n", - file, linenum, args[0], args[2]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - wl = calloc(1, sizeof(*wl)); - wl->cond = cond; - wl->s = strdup(args[1]); - LIST_ADDQ(&curproxy->rsp_add, &wl->list); - } - else if (!strcmp(args[0], "errorloc") || - !strcmp(args[0], "errorloc302") || - !strcmp(args[0], "errorloc303")) { /* error location */ - int errnum, errlen; - char *err; - - if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : <%s> expects and as arguments.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - errnum = atol(args[1]); - if (!strcmp(args[0], "errorloc303")) { - errlen = strlen(HTTP_303) + strlen(args[2]) + 5; - err = malloc(errlen); - errlen = snprintf(err, errlen, "%s%s\r\n\r\n", HTTP_303, args[2]); - } else { - errlen = strlen(HTTP_302) + strlen(args[2]) + 5; - err = malloc(errlen); - errlen = snprintf(err, errlen, "%s%s\r\n\r\n", HTTP_302, args[2]); - } - - for (rc = 0; rc < HTTP_ERR_SIZE; rc++) { - if (http_err_codes[rc] == errnum) { - chunk_destroy(&curproxy->errmsg[rc]); - chunk_initlen(&curproxy->errmsg[rc], err, errlen, errlen); - break; - } - } - - if (rc >= HTTP_ERR_SIZE) { - ha_warning("parsing [%s:%d] : status code %d not handled by '%s', error relocation will be ignored.\n", - file, linenum, errnum, args[0]); - free(err); - } - } - else if (!strcmp(args[0], "errorfile")) { /* error message from a file */ - int errnum, errlen, fd; - char *err; - struct stat stat; - - if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL)) - err_code |= ERR_WARN; - - if (*(args[2]) == 0) { - ha_alert("parsing [%s:%d] : <%s> expects and as arguments.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - fd = open(args[2], O_RDONLY); - if ((fd < 0) || (fstat(fd, &stat) < 0)) { - ha_alert("parsing [%s:%d] : error opening file <%s> for custom error message <%s>.\n", - file, linenum, args[2], args[1]); - if (fd >= 0) - close(fd); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - - if (stat.st_size <= global.tune.bufsize) { - errlen = stat.st_size; - } else { - ha_warning("parsing [%s:%d] : custom error message file <%s> larger than %d bytes. Truncating.\n", - file, linenum, args[2], global.tune.bufsize); - err_code |= ERR_WARN; - errlen = global.tune.bufsize; - } - - err = malloc(errlen); /* malloc() must succeed during parsing */ - errnum = read(fd, err, errlen); - if (errnum != errlen) { - ha_alert("parsing [%s:%d] : error reading file <%s> for custom error message <%s>.\n", - file, linenum, args[2], args[1]); - close(fd); - free(err); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - close(fd); - - errnum = atol(args[1]); - for (rc = 0; rc < HTTP_ERR_SIZE; rc++) { - if (http_err_codes[rc] == errnum) { - chunk_destroy(&curproxy->errmsg[rc]); - chunk_initlen(&curproxy->errmsg[rc], err, errlen, errlen); - break; - } - } - - if (rc >= HTTP_ERR_SIZE) { - ha_warning("parsing [%s:%d] : status code %d not handled by '%s', error customization will be ignored.\n", - file, linenum, errnum, args[0]); - err_code |= ERR_WARN; - free(err); - } - } - else { - struct cfg_kw_list *kwl; - int index; - - list_for_each_entry(kwl, &cfg_keywords.list, list) { - for (index = 0; kwl->kw[index].kw != NULL; index++) { - if (kwl->kw[index].section != CFG_LISTEN) - continue; - if (strcmp(kwl->kw[index].kw, args[0]) == 0) { - /* prepare error message just in case */ - rc = kwl->kw[index].parse(args, CFG_LISTEN, curproxy, &defproxy, file, linenum, &errmsg); - if (rc < 0) { - ha_alert("parsing [%s:%d] : %s\n", file, linenum, errmsg); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - else if (rc > 0) { - ha_warning("parsing [%s:%d] : %s\n", file, linenum, errmsg); - err_code |= ERR_WARN; - goto out; - } - goto out; - } - } - } - - ha_alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - } - out: - free(errmsg); - return err_code; -} int cfg_parse_netns(const char *file, int linenum, char **args, int kwm) diff --git a/src/proxy.c b/src/proxy.c index 6102f981a..76d84a24f 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -59,6 +59,61 @@ struct eb_root used_proxy_id = EB_ROOT; /* list of proxy IDs in use */ struct eb_root proxy_by_name = EB_ROOT; /* tree of proxies sorted by name */ unsigned int error_snapshot_id = 0; /* global ID assigned to each error then incremented */ +/* proxy->options */ +const struct cfg_opt cfg_opts[] = +{ + { "abortonclose", PR_O_ABRT_CLOSE, PR_CAP_BE, 0, 0 }, + { "allbackups", PR_O_USE_ALL_BK, PR_CAP_BE, 0, 0 }, + { "checkcache", PR_O_CHK_CACHE, PR_CAP_BE, 0, PR_MODE_HTTP }, + { "clitcpka", PR_O_TCP_CLI_KA, PR_CAP_FE, 0, 0 }, + { "contstats", PR_O_CONTSTATS, PR_CAP_FE, 0, 0 }, + { "dontlognull", PR_O_NULLNOLOG, PR_CAP_FE, 0, 0 }, + { "http_proxy", PR_O_HTTP_PROXY, PR_CAP_FE | PR_CAP_BE, 0, PR_MODE_HTTP }, + { "http-buffer-request", PR_O_WREQ_BODY, PR_CAP_FE | PR_CAP_BE, 0, PR_MODE_HTTP }, + { "http-ignore-probes", PR_O_IGNORE_PRB, PR_CAP_FE, 0, PR_MODE_HTTP }, + { "prefer-last-server", PR_O_PREF_LAST, PR_CAP_BE, 0, PR_MODE_HTTP }, + { "logasap", PR_O_LOGASAP, PR_CAP_FE, 0, 0 }, + { "nolinger", PR_O_TCP_NOLING, PR_CAP_FE | PR_CAP_BE, 0, 0 }, + { "persist", PR_O_PERSIST, PR_CAP_BE, 0, 0 }, + { "srvtcpka", PR_O_TCP_SRV_KA, PR_CAP_BE, 0, 0 }, +#ifdef TPROXY + { "transparent", PR_O_TRANSP, PR_CAP_BE, 0, 0 }, +#else + { "transparent", 0, 0, 0, 0 }, +#endif + + { NULL, 0, 0, 0, 0 } +}; + +/* proxy->options2 */ +const struct cfg_opt cfg_opts2[] = +{ +#ifdef CONFIG_HAP_LINUX_SPLICE + { "splice-request", PR_O2_SPLIC_REQ, PR_CAP_FE|PR_CAP_BE, 0, 0 }, + { "splice-response", PR_O2_SPLIC_RTR, PR_CAP_FE|PR_CAP_BE, 0, 0 }, + { "splice-auto", PR_O2_SPLIC_AUT, PR_CAP_FE|PR_CAP_BE, 0, 0 }, +#else + { "splice-request", 0, 0, 0, 0 }, + { "splice-response", 0, 0, 0, 0 }, + { "splice-auto", 0, 0, 0, 0 }, +#endif + { "accept-invalid-http-request", PR_O2_REQBUG_OK, PR_CAP_FE, 0, PR_MODE_HTTP }, + { "accept-invalid-http-response", PR_O2_RSPBUG_OK, PR_CAP_BE, 0, PR_MODE_HTTP }, + { "dontlog-normal", PR_O2_NOLOGNORM, PR_CAP_FE, 0, 0 }, + { "log-separate-errors", PR_O2_LOGERRORS, PR_CAP_FE, 0, 0 }, + { "log-health-checks", PR_O2_LOGHCHKS, PR_CAP_BE, 0, 0 }, + { "socket-stats", PR_O2_SOCKSTAT, PR_CAP_FE, 0, 0 }, + { "tcp-smart-accept", PR_O2_SMARTACC, PR_CAP_FE, 0, 0 }, + { "tcp-smart-connect", PR_O2_SMARTCON, PR_CAP_BE, 0, 0 }, + { "independant-streams", PR_O2_INDEPSTR, PR_CAP_FE|PR_CAP_BE, 0, 0 }, + { "independent-streams", PR_O2_INDEPSTR, PR_CAP_FE|PR_CAP_BE, 0, 0 }, + { "http-use-proxy-header", PR_O2_USE_PXHDR, PR_CAP_FE, 0, PR_MODE_HTTP }, + { "http-pretend-keepalive", PR_O2_FAKE_KA, PR_CAP_BE, 0, PR_MODE_HTTP }, + { "http-no-delay", PR_O2_NODELAY, PR_CAP_FE|PR_CAP_BE, 0, PR_MODE_HTTP }, + { "http-use-htx", PR_O2_USE_HTX, PR_CAP_FE|PR_CAP_BE, 0, PR_MODE_HTTP }, + { NULL, 0, 0, 0 } +}; + /* * This function returns a string containing a name describing capabilities to * report comprehensible error messages. Specifically, it will return the words